redline | 6816f39228b4cbfaf3244df96f5869de774c64ca5c0a1debac55e8aaf603cec7 | Triage

Sharing

General

Target

6816f39228b4cbfaf3244df96f5869de774c64ca5c0a1debac55e8aaf603cec7
Size

206KB
Sample

230705-nk91jsbg74
MD5

541c8d96f6c4db33d703a5a871c8d2cc
SHA1

541b7e8b26fe3ed00c06a9691293bf300cf57047
SHA256

6816f39228b4cbfaf3244df96f5869de774c64ca5c0a1debac55e8aaf603cec7
SHA512

145e4eb9f5c20f5cfdcf8a87ce2a4d6378b7ed7af8474337880b32730a2f8fee980ee537e4c989e70480633839be072dec835124c0453defbec8b096a9a933a5
SSDEEP

3072:KNy+bnr+O1b5GWp1icKAArDZz4N9GhbkrNEk1jKfx/QILgqvLDWnnnlu3DcaoR:KNy+bnr+cp0yN90QEQKssL4nIoN

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.130:19061

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  6816f39228b4cbfaf3244df96f5869de774c64ca5c0a1debac55e8aaf603cec7
- Size
  
  206KB
- MD5
  
  541c8d96f6c4db33d703a5a871c8d2cc
- SHA1
  
  541b7e8b26fe3ed00c06a9691293bf300cf57047
- SHA256
  
  6816f39228b4cbfaf3244df96f5869de774c64ca5c0a1debac55e8aaf603cec7
- SHA512
  
  145e4eb9f5c20f5cfdcf8a87ce2a4d6378b7ed7af8474337880b32730a2f8fee980ee537e4c989e70480633839be072dec835124c0453defbec8b096a9a933a5
- SSDEEP
  
  3072:KNy+bnr+O1b5GWp1icKAArDZz4N9GhbkrNEk1jKfx/QILgqvLDWnnnlu3DcaoR:KNy+bnr+cp0yN90QEQKssL4nIoN
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence

behavioral2

redlinedizainfostealerpersistence