redline | d5a93e1e0c463a406b2c08ff3ef6154ec13aa65ef12852334694955c31b5f263 | Triage

Sharing

General

Target

d5a93e1e0c463a406b2c08ff3ef6154ec13aa65ef12852334694955c31b5f263
Size

585KB
Sample

230606-mmq5sadc23
MD5

d2c76b7d5df38dfec2982a73a22fceec
SHA1

8e79e94d4b241135b39c40e7ce5684d687078c07
SHA256

d5a93e1e0c463a406b2c08ff3ef6154ec13aa65ef12852334694955c31b5f263
SHA512

979028166afa2ff8fba01a76a975d8a61bd2f5f339d7fd49c97888d87af3b860bce0903a7161f6a8f3f08693356cff2608360c81351a86682789c34e00958fdf
SSDEEP

12288:0Mryy90WG92hPULn1EI4FmqXvqnwPqE2CuDyvWnQJ47p4Jc2:+yfG9nj1EcqXvqg2bDWu/4a2

Score

10^/10

redline diza discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  d5a93e1e0c463a406b2c08ff3ef6154ec13aa65ef12852334694955c31b5f263
- Size
  
  585KB
- MD5
  
  d2c76b7d5df38dfec2982a73a22fceec
- SHA1
  
  8e79e94d4b241135b39c40e7ce5684d687078c07
- SHA256
  
  d5a93e1e0c463a406b2c08ff3ef6154ec13aa65ef12852334694955c31b5f263
- SHA512
  
  979028166afa2ff8fba01a76a975d8a61bd2f5f339d7fd49c97888d87af3b860bce0903a7161f6a8f3f08693356cff2608360c81351a86682789c34e00958fdf
- SSDEEP
  
  12288:0Mryy90WG92hPULn1EI4FmqXvqnwPqE2CuDyvWnQJ47p4Jc2:+yfG9nj1EcqXvqg2bDWu/4a2
Score

10^/10

redline diza discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizadiscoveryinfostealerpersistencespywarestealer