redline | 86ab42464328e3c2be9058bdaedd58d64689a269d47b3d7a105f5095e9d18c8f | Triage

Sharing

General

Target

95dbd6a9c065bc50de08888eb.exe
Size

512KB
Sample

230708-wx25gaab3x
MD5

95dbd6a9c065bc50de08888eb366fad5
SHA1

9d30766ec69abde7ea13aade6d07495f16bfd6b1
SHA256

86ab42464328e3c2be9058bdaedd58d64689a269d47b3d7a105f5095e9d18c8f
SHA512

4a57981d073e40394bbda108c7227cb4cdc6c52881f7309fe64ecf2e8a4bdc2f52834441af7f63096ed2d419d3b5d0d6cdf8c8b198e993fdc590da09b5728939
SSDEEP

12288:+wcwfvwaRdnQgzGv1BBLH9rJXitnJey7BFm5Xz9vl:+wc6vw82gzGdjvXiN/N+z

Score

10^/10

redline furod infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

auth_value
d2386245fe11799b28b4521492a5879d

Targets

- Target
  
  95dbd6a9c065bc50de08888eb.exe
- Size
  
  512KB
- MD5
  
  95dbd6a9c065bc50de08888eb366fad5
- SHA1
  
  9d30766ec69abde7ea13aade6d07495f16bfd6b1
- SHA256
  
  86ab42464328e3c2be9058bdaedd58d64689a269d47b3d7a105f5095e9d18c8f
- SHA512
  
  4a57981d073e40394bbda108c7227cb4cdc6c52881f7309fe64ecf2e8a4bdc2f52834441af7f63096ed2d419d3b5d0d6cdf8c8b198e993fdc590da09b5728939
- SSDEEP
  
  12288:+wcwfvwaRdnQgzGv1BBLH9rJXitnJey7BFm5Xz9vl:+wc6vw82gzGdjvXiN/N+z
Score

10^/10

redline furod infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefurodinfostealerpersistence

behavioral2

redlinefurodinfostealerpersistence