redline | c526e10b5d27c008796fb11887cd2ce130f97321980404a45a1e3d80f3c8bb9b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c526e10b5d27c008796fb11887cd2ce130f97321980404a45a1e3d80f3c8bb9b
Size

1015KB
Sample

230714-ka7wnadf51
MD5

9ac130138862a0d01ed360241acd7ba5
SHA1

7d83ee72dd67efcac65e7004ec3b570cc9ca6952
SHA256

c526e10b5d27c008796fb11887cd2ce130f97321980404a45a1e3d80f3c8bb9b
SHA512

d085b277d7ddfc5bd2bd35a1e9280e77abc69d6bc827a759872240e2bcebc2803e7b4da34e2e1569528c8c9c7e39d0e2ce72cb9d41bb741901a1a9532ac80069
SSDEEP

24576:qyACuKT7PmQ9kGdAzGDvW9+AXt0YiHsRNcHYebrzp2B7cM4:xACuKDkmAzGDm1UHsr+5HclcM

Score

10^/10

redline masha infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

auth_value
55b9b39a0dae383196a4b8d79e5bb805

Targets

- Target
  
  c526e10b5d27c008796fb11887cd2ce130f97321980404a45a1e3d80f3c8bb9b
- Size
  
  1015KB
- MD5
  
  9ac130138862a0d01ed360241acd7ba5
- SHA1
  
  7d83ee72dd67efcac65e7004ec3b570cc9ca6952
- SHA256
  
  c526e10b5d27c008796fb11887cd2ce130f97321980404a45a1e3d80f3c8bb9b
- SHA512
  
  d085b277d7ddfc5bd2bd35a1e9280e77abc69d6bc827a759872240e2bcebc2803e7b4da34e2e1569528c8c9c7e39d0e2ce72cb9d41bb741901a1a9532ac80069
- SSDEEP
  
  24576:qyACuKT7PmQ9kGdAzGDvW9+AXt0YiHsRNcHYebrzp2B7cM4:xACuKDkmAzGDm1UHsr+5HclcM
Score

10^/10

redline masha infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemashainfostealerpersistence