redline | d2ea79a47c266922fb9c860fdfcee1d49049882311cbbeb6457c4400e1475d32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e221d2410b84869b0bc3722a81309f2.bin
Size

437KB
Sample

230711-lhfyksga75
MD5

42105fcbc2f07445909381531b9876d9
SHA1

9b884698fc3379e61854bf914d52df1e937d58f8
SHA256

d2ea79a47c266922fb9c860fdfcee1d49049882311cbbeb6457c4400e1475d32
SHA512

17803fc555d4da66c5377287045b41dd117a4ec4ae6483070bc9d38fb42fc18366df0fc5001bc044b63bd723052c387802ddd33a75f62cf51e449168b2fd7d79
SSDEEP

12288:Urh4O07ep3x0ucs8MCxjAbdwFMvX+qUG9Q2:U5uK3x6JERcU+f2

Score

10^/10

redline furod infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

auth_value
d2386245fe11799b28b4521492a5879d

Targets

- Target
  
  5dc72cb883881486f5acc3243736694c266a6ed751b31e8168c84c77e0515432.exe
- Size
  
  517KB
- MD5
  
  3e221d2410b84869b0bc3722a81309f2
- SHA1
  
  60c5b521ec6e033989614c3755ca1e8b8a3ed5d9
- SHA256
  
  5dc72cb883881486f5acc3243736694c266a6ed751b31e8168c84c77e0515432
- SHA512
  
  4ea9014e11b7bac3e8e820d8ed7b2f08690c1d67162c09f7f292d3b3dcf343b8d2ea2ea163c77481fcd06a69b1d93a551a8df6c5c8e870ea0eb80e57e41d57c3
- SSDEEP
  
  12288:GIsAEP+6WSx4u/4fviaRdnQgxG4kT9/HeuqVxRTWY:o4u/Svi82gxG9RNUjv
Score

10^/10

redline furod infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefurodinfostealerpersistence

behavioral2

redlinefurodinfostealerpersistence