redline | 834670d4c3f106c1f3aa216898bb2f94b5ef14a7515afdfa9c855dd7375e12fc | Triage

Sharing

General

Target

834670d4c3f106c1f3aa216898bb2f94b5ef14a7515afdfa9c855dd7375e12fc
Size

855KB
Sample

230817-p47j7sba8v
MD5

7950cfe4c09265f6e0f7abc2c27efbbf
SHA1

bc37c9c7ae7b902ec345eeb8f58b7284248440bb
SHA256

834670d4c3f106c1f3aa216898bb2f94b5ef14a7515afdfa9c855dd7375e12fc
SHA512

f265f93d24f719f3552ac58433c107e6866c9bcc61e1b50fd8fe75956bd6fdd401e6761b4af48605fdc3c2219cc7ab640ecbe0c740f87eec330a6d2b3a6bac94
SSDEEP

12288:3Mrwy90Rvx8LBX1/T9i2Z/hfvtDj4k7XApvlMjfiLAeDp1bfvRTxqTzL5u+4GM:vySe1lZvj4mApvOxWphxto3yGM

Score

10^/10

redline maga infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

maga

C2

77.91.124.54:19071

Attributes

auth_value
9dd7a0be219be9b6228dc9b4e112b812

Targets

- Target
  
  834670d4c3f106c1f3aa216898bb2f94b5ef14a7515afdfa9c855dd7375e12fc
- Size
  
  855KB
- MD5
  
  7950cfe4c09265f6e0f7abc2c27efbbf
- SHA1
  
  bc37c9c7ae7b902ec345eeb8f58b7284248440bb
- SHA256
  
  834670d4c3f106c1f3aa216898bb2f94b5ef14a7515afdfa9c855dd7375e12fc
- SHA512
  
  f265f93d24f719f3552ac58433c107e6866c9bcc61e1b50fd8fe75956bd6fdd401e6761b4af48605fdc3c2219cc7ab640ecbe0c740f87eec330a6d2b3a6bac94
- SSDEEP
  
  12288:3Mrwy90Rvx8LBX1/T9i2Z/hfvtDj4k7XApvlMjfiLAeDp1bfvRTxqTzL5u+4GM:vySe1lZvj4mApvOxWphxto3yGM
Score

10^/10

redline maga infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemagainfostealerpersistence