redline | 2dbc5df7f1a75e9b32342157b83637fc506cf50985c9a5a4b2bc188089140feb | Triage

Sharing

General

Target

2dbc5df7f1a75e9b32342157b83637fc506cf50985c9a5a4b2bc188089140feb
Size

582KB
Sample

230616-vrt18sff7v
MD5

bb620e75023b749a6f73991a35c7c7e6
SHA1

5c536372d4359e4d13e0db41d4ef622098b0cca6
SHA256

2dbc5df7f1a75e9b32342157b83637fc506cf50985c9a5a4b2bc188089140feb
SHA512

a94b302937f2ef52fac6ece656dc8304f4e0bb397fbf2ea8e1c0f9ab70f09b920d4e4f0dfb47f373e282c4f7766d02cd691d6b83d4d56fe6dbf892c4a0d0b04c
SSDEEP

12288:1MrGy90CllcSe05Z+F1yT1qNgds85O0cnBqs8/0:ryVASGFczdKXnsss0

Score

10^/10

redline dedo infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dedo

C2

83.97.73.130:19061

Attributes

auth_value
ac76f7438fbe49011f900c651cb85e26

Targets

- Target
  
  2dbc5df7f1a75e9b32342157b83637fc506cf50985c9a5a4b2bc188089140feb
- Size
  
  582KB
- MD5
  
  bb620e75023b749a6f73991a35c7c7e6
- SHA1
  
  5c536372d4359e4d13e0db41d4ef622098b0cca6
- SHA256
  
  2dbc5df7f1a75e9b32342157b83637fc506cf50985c9a5a4b2bc188089140feb
- SHA512
  
  a94b302937f2ef52fac6ece656dc8304f4e0bb397fbf2ea8e1c0f9ab70f09b920d4e4f0dfb47f373e282c4f7766d02cd691d6b83d4d56fe6dbf892c4a0d0b04c
- SSDEEP
  
  12288:1MrGy90CllcSe05Z+F1yT1qNgds85O0cnBqs8/0:ryVASGFczdKXnsss0
Score

10^/10

redline dedo infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinededoinfostealerpersistence