redline | f8c960f79319e773cb5491c14ca4bdad349334ab5c9c61da66225641e1af4dda | Triage

Sharing

General

Target

04093699.exe
Size

585KB
Sample

230606-s2zncsed39
MD5

cdeedcc74a65bbf2d908bad6d34e00f2
SHA1

2d36561512046a42fb0d65d208905a0390c8fe6d
SHA256

f8c960f79319e773cb5491c14ca4bdad349334ab5c9c61da66225641e1af4dda
SHA512

84937ee5cdd28f3e65e181bb0222323f37bb77f9a525ddb982473c379e0017446f2609f4bda054c0f3a846dd6e55ac9e2e5d8c20be596b232cbab7953cad94b4
SSDEEP

12288:EMrhy90PbcMTrqJUoh54wGIRLMvf1nVSTMG:lyEbpO7h54yAfdG

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  04093699.exe
- Size
  
  585KB
- MD5
  
  cdeedcc74a65bbf2d908bad6d34e00f2
- SHA1
  
  2d36561512046a42fb0d65d208905a0390c8fe6d
- SHA256
  
  f8c960f79319e773cb5491c14ca4bdad349334ab5c9c61da66225641e1af4dda
- SHA512
  
  84937ee5cdd28f3e65e181bb0222323f37bb77f9a525ddb982473c379e0017446f2609f4bda054c0f3a846dd6e55ac9e2e5d8c20be596b232cbab7953cad94b4
- SSDEEP
  
  12288:EMrhy90PbcMTrqJUoh54wGIRLMvf1nVSTMG:lyEbpO7h54yAfdG
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence

behavioral2