redline | 720db36b3d85431e6837b9bd15fa534fbca23df3b0db991be3184d8c05f55748 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

720db36b3d85431e6837b9bd1.exe
Size

514KB
Sample

230708-t7dthsff67
MD5

3f8f066367d99ea21c6ef83ccbfc1694
SHA1

29d5f77eba1c9be4fa6d8899e8173c38e5a1210b
SHA256

720db36b3d85431e6837b9bd15fa534fbca23df3b0db991be3184d8c05f55748
SHA512

6f240e19893a4ead2cc33a8261dfe1ae9e2c499cc993e07873c05127827232a17e49e40ebc65b57d6f9b91c0d5ebb7072403c6db6ef7a1a98f8d1dd2edd4f1c2
SSDEEP

12288:UJ/rve+fvqaRdnQgdAWMCXdX2h+XGFjpnlCNUmfU/uusM7N:UJTvVvq82gdAW1dmpFjCNjUvZJ

Score

10^/10

redline furod infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

auth_value
d2386245fe11799b28b4521492a5879d

Targets

- Target
  
  720db36b3d85431e6837b9bd1.exe
- Size
  
  514KB
- MD5
  
  3f8f066367d99ea21c6ef83ccbfc1694
- SHA1
  
  29d5f77eba1c9be4fa6d8899e8173c38e5a1210b
- SHA256
  
  720db36b3d85431e6837b9bd15fa534fbca23df3b0db991be3184d8c05f55748
- SHA512
  
  6f240e19893a4ead2cc33a8261dfe1ae9e2c499cc993e07873c05127827232a17e49e40ebc65b57d6f9b91c0d5ebb7072403c6db6ef7a1a98f8d1dd2edd4f1c2
- SSDEEP
  
  12288:UJ/rve+fvqaRdnQgdAWMCXdX2h+XGFjpnlCNUmfU/uusM7N:UJTvVvq82gdAW1dmpFjCNjUvZJ
Score

10^/10

redline furod infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefurodinfostealerpersistence

behavioral2

redlinefurodinfostealerpersistence