redline | 1d5340d637fce5e7d3a4f1079e8164e227261383feefd2308f7ee76911f436b2 | Triage

Sharing

General

Target

1d5340d637fce5e7d3a4f1079e8164e227261383feefd2308f7ee76911f436b2
Size

578KB
Sample

230607-p77z5sbc21
MD5

559fb84baf6d7a8e007719aee2d7843b
SHA1

8808f9e518511a56bb9df8141039287b4b85fc9a
SHA256

1d5340d637fce5e7d3a4f1079e8164e227261383feefd2308f7ee76911f436b2
SHA512

09c2d8a6215c99edb1ba3b893e27e3da061d491a33ce18a604662cf1a91a3cf5f97376a76d8541e6072d982c80471329efce47d1d6e767bde02c675aa43d76d2
SSDEEP

12288:yMrWy90Y3jOQF/AZeGw9kS6M6Zv4sc211hAOBCP0KkQ:wytzNHl0va21/JW

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.129:19068

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  1d5340d637fce5e7d3a4f1079e8164e227261383feefd2308f7ee76911f436b2
- Size
  
  578KB
- MD5
  
  559fb84baf6d7a8e007719aee2d7843b
- SHA1
  
  8808f9e518511a56bb9df8141039287b4b85fc9a
- SHA256
  
  1d5340d637fce5e7d3a4f1079e8164e227261383feefd2308f7ee76911f436b2
- SHA512
  
  09c2d8a6215c99edb1ba3b893e27e3da061d491a33ce18a604662cf1a91a3cf5f97376a76d8541e6072d982c80471329efce47d1d6e767bde02c675aa43d76d2
- SSDEEP
  
  12288:yMrWy90Y3jOQF/AZeGw9kS6M6Zv4sc211hAOBCP0KkQ:wytzNHl0va21/JW
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence