redline | f2c5ddc3419a950c3982431685406152d0462ff8e6e44eac77ba23a76ddc8193 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a8800547a451d02364cbc909.exe
Size

518KB
Sample

230707-yn4caabb49
MD5

3a8800547a451d02364cbc9090a1b5c2
SHA1

2fab4370af0984942f027ee633eae44e3813e4b7
SHA256

f2c5ddc3419a950c3982431685406152d0462ff8e6e44eac77ba23a76ddc8193
SHA512

a96d9820a58740853220cafbcdba49e70274d53214abbdf520301668074fa8b5cbab8ab54899d6b8e1d159f61d5974b9f42608ac19b24042e66f0d279159e3cb
SSDEEP

12288:CC1tcfv+aRdnQgr4w1wSGfG6iShoBZjlhDwz:CC1t2v+82g5aSGfG6F4ZZuz

Score

10^/10

redline furod infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

auth_value
d2386245fe11799b28b4521492a5879d

Targets

- Target
  
  3a8800547a451d02364cbc909.exe
- Size
  
  518KB
- MD5
  
  3a8800547a451d02364cbc9090a1b5c2
- SHA1
  
  2fab4370af0984942f027ee633eae44e3813e4b7
- SHA256
  
  f2c5ddc3419a950c3982431685406152d0462ff8e6e44eac77ba23a76ddc8193
- SHA512
  
  a96d9820a58740853220cafbcdba49e70274d53214abbdf520301668074fa8b5cbab8ab54899d6b8e1d159f61d5974b9f42608ac19b24042e66f0d279159e3cb
- SSDEEP
  
  12288:CC1tcfv+aRdnQgr4w1wSGfG6iShoBZjlhDwz:CC1t2v+82g5aSGfG6F4ZZuz
Score

10^/10

redline furod infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefurodinfostealerpersistence

behavioral2

redlinefurodinfostealerpersistence