redline | df69d2c8a41a796c33d7a623977ef8a4d4b85cb02b9907fa3ce1c7e777837966 | Triage

Sharing

General

Target

8eaa8200ae1edab74652da8c3.exe
Size

514KB
Sample

230709-tlh64sec79
MD5

8eaa8200ae1edab74652da8c3db0b8e0
SHA1

817310ecc48861a9a52f83321090e5bd33c78f14
SHA256

df69d2c8a41a796c33d7a623977ef8a4d4b85cb02b9907fa3ce1c7e777837966
SHA512

ca623502fcd9e8f28096ac3b58261914150cf0de2fd4bf5156b595c7cf87a526417987c8fc825b67c70d3495ff970b391ea9bfd52aacd65a259d8e8057400e0c
SSDEEP

12288:Sob/GfvfaRdnQgfdj16fH/xcK3FH0fIp30n:SI/cvf82gfCfH/x9VH0Qp30n

Score

10^/10

redline furod infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

auth_value
d2386245fe11799b28b4521492a5879d

Targets

- Target
  
  8eaa8200ae1edab74652da8c3.exe
- Size
  
  514KB
- MD5
  
  8eaa8200ae1edab74652da8c3db0b8e0
- SHA1
  
  817310ecc48861a9a52f83321090e5bd33c78f14
- SHA256
  
  df69d2c8a41a796c33d7a623977ef8a4d4b85cb02b9907fa3ce1c7e777837966
- SHA512
  
  ca623502fcd9e8f28096ac3b58261914150cf0de2fd4bf5156b595c7cf87a526417987c8fc825b67c70d3495ff970b391ea9bfd52aacd65a259d8e8057400e0c
- SSDEEP
  
  12288:Sob/GfvfaRdnQgfdj16fH/xcK3FH0fIp30n:SI/cvf82gfCfH/x9VH0Qp30n
Score

10^/10

redline furod infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefurodinfostealerpersistence

behavioral2

redlinefurodinfostealerpersistence