redline | 70a05e978655780229302b3d6d675369868c6b6c5adb492167acba65534913d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70a05e978655780229302b3d6d675369868c6b6c5adb492167acba65534913d7
Size

1014KB
Sample

230713-279vysbe63
MD5

6617255851cebabe201a41d9773ef6de
SHA1

0d6ff46e9135c2414df803c6c017ddf3b96466f4
SHA256

70a05e978655780229302b3d6d675369868c6b6c5adb492167acba65534913d7
SHA512

3bf107aed8c7b5b8af18881c20cae067dad9240f88575eb7566d7bed22aa08ff32e829981b0b47ef51c22d76f8e1694faaca36e151624e9c112df4d5e0e9e923
SSDEEP

24576:8yiFzBZl1eGg5Dtt36qvmG5/go6dMkzTGdjya:rGzBD1eF5DtlA0/N+MkGdjy

Score

10^/10

redline masha infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

auth_value
55b9b39a0dae383196a4b8d79e5bb805

Targets

- Target
  
  70a05e978655780229302b3d6d675369868c6b6c5adb492167acba65534913d7
- Size
  
  1014KB
- MD5
  
  6617255851cebabe201a41d9773ef6de
- SHA1
  
  0d6ff46e9135c2414df803c6c017ddf3b96466f4
- SHA256
  
  70a05e978655780229302b3d6d675369868c6b6c5adb492167acba65534913d7
- SHA512
  
  3bf107aed8c7b5b8af18881c20cae067dad9240f88575eb7566d7bed22aa08ff32e829981b0b47ef51c22d76f8e1694faaca36e151624e9c112df4d5e0e9e923
- SSDEEP
  
  24576:8yiFzBZl1eGg5Dtt36qvmG5/go6dMkzTGdjya:rGzBD1eF5DtlA0/N+MkGdjy
Score

10^/10

redline masha infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemashainfostealerpersistence