redline | 037cba00bb14891c6e6f91d115b7205721eeefb3464c60dbef6a9dd374accd92 | Triage

Sharing

General

Target

037cba00bb14891c6e6f91d115b7205721eeefb3464c6.exe
Size

517KB
Sample

230707-wz667sbe2t
MD5

7f170afae905d5b0c992931753cdf377
SHA1

b13968b4ffa1c8a425553a137b36892a9386f851
SHA256

037cba00bb14891c6e6f91d115b7205721eeefb3464c60dbef6a9dd374accd92
SHA512

65dcb5853a95e71b7d18c1c9a9e63629e57e54ed4e49ce3b0582a72bef2e0fa5308569700ce9467802422ed4129f72706580eac710a42231bd3322924291705a
SSDEEP

12288:Dwr5fvvaRdnQgFx56nfKcanmICbqvmcO/v+:Dwr1vv82gFLw64bqvaH+

Score

10^/10

redline furod infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

auth_value
d2386245fe11799b28b4521492a5879d

Targets

- Target
  
  037cba00bb14891c6e6f91d115b7205721eeefb3464c6.exe
- Size
  
  517KB
- MD5
  
  7f170afae905d5b0c992931753cdf377
- SHA1
  
  b13968b4ffa1c8a425553a137b36892a9386f851
- SHA256
  
  037cba00bb14891c6e6f91d115b7205721eeefb3464c60dbef6a9dd374accd92
- SHA512
  
  65dcb5853a95e71b7d18c1c9a9e63629e57e54ed4e49ce3b0582a72bef2e0fa5308569700ce9467802422ed4129f72706580eac710a42231bd3322924291705a
- SSDEEP
  
  12288:Dwr5fvvaRdnQgFx56nfKcanmICbqvmcO/v+:Dwr1vv82gFLw64bqvaH+
Score

10^/10

redline furod infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefurodinfostealerpersistence

behavioral2

redlinefurodinfostealerpersistence