redline | 1cb8f7d875e858bd44810f77fa8001653d978b3d320708dd6b6b309bb284dbee | Triage

Sharing

General

Target

1cb8f7d875e858bd44810f77fa8001653d978b3d320708dd6b6b309bb284dbee
Size

578KB
Sample

230607-fej8yahd7y
MD5

e832ba64b351a225f1d6d090935f9551
SHA1

f82b5e704fa34d3bbaba34b6d29355afa0254029
SHA256

1cb8f7d875e858bd44810f77fa8001653d978b3d320708dd6b6b309bb284dbee
SHA512

c4b73173b278eb1902110354ff63854eaa9879d6867b3252a0c0fd08f381596e1708a8a700a7a100e4ec25b055f4c7ca7a04b3130973aa5f0b74187ba5867ac4
SSDEEP

12288:gMray90qWeAQXZ+usIHJBEN3KmRYg49fqM5eX9ij2n9ru5NYxbjpf:Ky4oZ+usIHjEXsDHqpUYxbNf

Score

10^/10

redline dasa infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dasa

C2

83.97.73.126:19048

Attributes

auth_value
7eca6ed540c2dcd359aed5b67c4eda07

Targets

- Target
  
  1cb8f7d875e858bd44810f77fa8001653d978b3d320708dd6b6b309bb284dbee
- Size
  
  578KB
- MD5
  
  e832ba64b351a225f1d6d090935f9551
- SHA1
  
  f82b5e704fa34d3bbaba34b6d29355afa0254029
- SHA256
  
  1cb8f7d875e858bd44810f77fa8001653d978b3d320708dd6b6b309bb284dbee
- SHA512
  
  c4b73173b278eb1902110354ff63854eaa9879d6867b3252a0c0fd08f381596e1708a8a700a7a100e4ec25b055f4c7ca7a04b3130973aa5f0b74187ba5867ac4
- SSDEEP
  
  12288:gMray90qWeAQXZ+usIHJBEN3KmRYg49fqM5eX9ij2n9ru5NYxbjpf:Ky4oZ+usIHjEXsDHqpUYxbNf
Score

10^/10

redline dasa infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedasainfostealerpersistence

behavioral2

redlinedasainfostealerpersistence