redline | 4ebf32693e1e4f85ae90bbabd71873eea617c1b55c4eb4040b6af68d25a64a5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ebf32693e1e4f85ae90bbabd71873eea617c1b55c4eb4040b6af68d25a64a5e
Size

854KB
Sample

230817-q4bm7sbc9t
MD5

1ce1213b026afe34d8425eb7d58c7a01
SHA1

8ae72d698ac8021d87f443cb86d6973fc5d2cb19
SHA256

4ebf32693e1e4f85ae90bbabd71873eea617c1b55c4eb4040b6af68d25a64a5e
SHA512

657c61ef3c1eab46a0604e1f5c6f1302b15a990b6008fe35716f4fa52b9690cc7e3b451baeb5bb98189b5974923300753dfc6e36f95f79cb1a9b2cde1d8c2c97
SSDEEP

24576:dys+0BN6EdW13H2nhhZp2XVPqOFDNbXeMAclX8:4J09U3HghZp2XZDNbEI

Score

10^/10

redline maga infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

maga

C2

77.91.124.54:19071

Attributes

auth_value
9dd7a0be219be9b6228dc9b4e112b812

Targets

- Target
  
  4ebf32693e1e4f85ae90bbabd71873eea617c1b55c4eb4040b6af68d25a64a5e
- Size
  
  854KB
- MD5
  
  1ce1213b026afe34d8425eb7d58c7a01
- SHA1
  
  8ae72d698ac8021d87f443cb86d6973fc5d2cb19
- SHA256
  
  4ebf32693e1e4f85ae90bbabd71873eea617c1b55c4eb4040b6af68d25a64a5e
- SHA512
  
  657c61ef3c1eab46a0604e1f5c6f1302b15a990b6008fe35716f4fa52b9690cc7e3b451baeb5bb98189b5974923300753dfc6e36f95f79cb1a9b2cde1d8c2c97
- SSDEEP
  
  24576:dys+0BN6EdW13H2nhhZp2XVPqOFDNbXeMAclX8:4J09U3HghZp2XZDNbEI
Score

10^/10

redline maga infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemagainfostealerpersistence