redline | e127e0e44449a6b22815cb287eb366ecd5dd82faeac5a0297ceefd579107f8d5 | Triage

Sharing

General

Target

4f548eda618efe4ba011c51105b29a13.exe
Size

578KB
Sample

230610-zdj2bsge6t
MD5

4f548eda618efe4ba011c51105b29a13
SHA1

d666ae299cc1b5e9348c16c9f1fd67fafcfe1795
SHA256

e127e0e44449a6b22815cb287eb366ecd5dd82faeac5a0297ceefd579107f8d5
SHA512

de9c4d5e26870c4cab5f6657243aa61fae010fb15d60662b81c7ab16720589c7df39c626aecf98dd3d50c1794172026a180bbe86d8f545610ad9e720e1320eae
SSDEEP

12288:UMrYy90YVN4nDS0k4imT++D6wvd8VwAHJ1emvuNfj7B/:8yZVKm0kakwvd8Vwkem2z

Score

10^/10

redline dast infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dast

C2

83.97.73.129:19068

Attributes

auth_value
17d71bf1a3f93284f5848e00b0dd8222

Targets

- Target
  
  4f548eda618efe4ba011c51105b29a13.exe
- Size
  
  578KB
- MD5
  
  4f548eda618efe4ba011c51105b29a13
- SHA1
  
  d666ae299cc1b5e9348c16c9f1fd67fafcfe1795
- SHA256
  
  e127e0e44449a6b22815cb287eb366ecd5dd82faeac5a0297ceefd579107f8d5
- SHA512
  
  de9c4d5e26870c4cab5f6657243aa61fae010fb15d60662b81c7ab16720589c7df39c626aecf98dd3d50c1794172026a180bbe86d8f545610ad9e720e1320eae
- SSDEEP
  
  12288:UMrYy90YVN4nDS0k4imT++D6wvd8VwAHJ1emvuNfj7B/:8yZVKm0kakwvd8Vwkem2z
Score

10^/10

redline dast infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedastinfostealerpersistence

behavioral2

redlinedastinfostealerpersistence