redline | 3de6feab0f88fea9cf115ca6d02d0a0194f7f5bd744ddb7645f0510404d86306 | Triage

Sharing

General

Target

09b8353ba30da7abd836ea8b2bce535e.bin
Size

531KB
Sample

230614-bdlm6acf6s
MD5

575e4324b5e346a56ac597c675a05077
SHA1

54b1538f9ea1762ccf058875961246236db19693
SHA256

3de6feab0f88fea9cf115ca6d02d0a0194f7f5bd744ddb7645f0510404d86306
SHA512

ed63fe63a5ed911e6f277ae2e059ba6b6edb0eecb069e1db8a5b29a610f277048882c5d741c59688618b1bc104314d81615fca7d2812c6303e98bde8ecb739f5
SSDEEP

12288:8AVrciClXp5KWCUCtP3B7Oy9DEWrEU0wK216IobvXIHvNR:tVAisTfW3ByyhrEU0wHHQf0NR

Score

10^/10

redline doro infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doro

C2

83.97.73.129:19068

Attributes

auth_value
03f411441fb3fa233179c2cc8ffbce27

Targets

- Target
  
  4fe304e1ceef6b6a6cd174669f74707f5d832911fc7cbc6a07e50c84d1703c4f.exe
- Size
  
  575KB
- MD5
  
  09b8353ba30da7abd836ea8b2bce535e
- SHA1
  
  ee3a106546f8e19477b91463685b75a4c161de56
- SHA256
  
  4fe304e1ceef6b6a6cd174669f74707f5d832911fc7cbc6a07e50c84d1703c4f
- SHA512
  
  82fbe09471c47202062ecc3c1a746612fbea5b6f6ab9a07273812bfff5839fb1d008f2f08d42731710f6045981834e5297099804df684c24cce99a294fe3bc58
- SSDEEP
  
  12288:SMrUy905YmSPZYR0J0UkAswi8fOm1UrEBIITGxwbT5tC5QG4W:Syj7xgI0U5hWu2E/TGk3ha
Score

10^/10

redline doro infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedoroinfostealerpersistence

behavioral2

redlinedoroinfostealerpersistence