redline | a8d25eebb258abb8283ec3124a7a95fc1c684665ce8869932591d4abfcf0a5a0 | Triage

Sharing

General

Target

f125d452d4cfd90efa6ff0b4bc4e12c2.exe
Size

781KB
Sample

230612-stl3asdc8y
MD5

f125d452d4cfd90efa6ff0b4bc4e12c2
SHA1

1be18b41815ebdf4049bb53d290dce80df79e55a
SHA256

a8d25eebb258abb8283ec3124a7a95fc1c684665ce8869932591d4abfcf0a5a0
SHA512

a3832fd71e030eea72e6313a0e22108a1447d1e7b7065378de326ea25a26b53f1c6dd9655a9f0d3cbdb0c3b7482006631ca0c55749ac2f1a0d48d576b6de792e
SSDEEP

12288:7Mr1y90ba0iaHKGZ+lZ5gKHQHVDbtewrDNB3YzgjMNi0CS4TohKR9yaqnPFxmMxs:6yb0vH5ZE8Kutec8gz0hQJR8j8MG

Score

10^/10

redline boris infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

boris

C2

83.97.73.129:19068

Attributes

auth_value
205e4fccc0f8c7da1d56fb1da4ac5e6a

Targets

- Target
  
  f125d452d4cfd90efa6ff0b4bc4e12c2.exe
- Size
  
  781KB
- MD5
  
  f125d452d4cfd90efa6ff0b4bc4e12c2
- SHA1
  
  1be18b41815ebdf4049bb53d290dce80df79e55a
- SHA256
  
  a8d25eebb258abb8283ec3124a7a95fc1c684665ce8869932591d4abfcf0a5a0
- SHA512
  
  a3832fd71e030eea72e6313a0e22108a1447d1e7b7065378de326ea25a26b53f1c6dd9655a9f0d3cbdb0c3b7482006631ca0c55749ac2f1a0d48d576b6de792e
- SSDEEP
  
  12288:7Mr1y90ba0iaHKGZ+lZ5gKHQHVDbtewrDNB3YzgjMNi0CS4TohKR9yaqnPFxmMxs:6yb0vH5ZE8Kutec8gz0hQJR8j8MG
Score

10^/10

redline boris infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineborisinfostealerpersistence

behavioral2

redlineborisinfostealerpersistence