redline | 8102ae4cd92635372b9b16d9d25b0f9245765d8ba20a0cfb554f964521e31c90 | Triage

Sharing

General

Target

8102ae4cd92635372b9b16d9d25b0f9245765d8ba20a0cfb554f964521e31c90
Size

770KB
Sample

230716-ktygbsdf32
MD5

8ba8ddc444effbf74a138ca0a90e50c2
SHA1

75709ce592f541f11317cfad0a863e9365fda4f5
SHA256

8102ae4cd92635372b9b16d9d25b0f9245765d8ba20a0cfb554f964521e31c90
SHA512

485bda8be82255c619cc0259df7d8029169623d81a61dd25bf4956c48099e31c05ef9e207c907bfe381dcf09c0cc550fe7abac86b03bee70a8e98eed0000153c
SSDEEP

12288:TMrsy90RaffCIVUsp29r8fgcrrv/nDbuiYfrgggEzeaGJ+At2+bBnsj+sX:nyffqI6SGFkr3XudgggEzonVnsZX

Score

10^/10

redline lamp infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

lamp

C2

77.91.68.56:19071

Attributes

auth_value
ee1df63bcdbe3de70f52810d94eaff7d

Targets

- Target
  
  8102ae4cd92635372b9b16d9d25b0f9245765d8ba20a0cfb554f964521e31c90
- Size
  
  770KB
- MD5
  
  8ba8ddc444effbf74a138ca0a90e50c2
- SHA1
  
  75709ce592f541f11317cfad0a863e9365fda4f5
- SHA256
  
  8102ae4cd92635372b9b16d9d25b0f9245765d8ba20a0cfb554f964521e31c90
- SHA512
  
  485bda8be82255c619cc0259df7d8029169623d81a61dd25bf4956c48099e31c05ef9e207c907bfe381dcf09c0cc550fe7abac86b03bee70a8e98eed0000153c
- SSDEEP
  
  12288:TMrsy90RaffCIVUsp29r8fgcrrv/nDbuiYfrgggEzeaGJ+At2+bBnsj+sX:nyffqI6SGFkr3XudgggEzonVnsZX
Score

10^/10

redline lamp infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelampinfostealerpersistence