redline | 8c03117d73c23707e5311e09a3dc8ef6f5e8539c6a39e504d4cb24e2f9fa4dd2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c03117d73c23707e5311e09a3dc8ef6f5e8539c6a39e504d4cb24e2f9fa4dd2
Size

855KB
Sample

230817-yd85sacg74
MD5

018bdf0ee779b648c20dee7e58e6ff7b
SHA1

acdef7833e3f8dfd77a768298b6ca091e0a582d9
SHA256

8c03117d73c23707e5311e09a3dc8ef6f5e8539c6a39e504d4cb24e2f9fa4dd2
SHA512

0e2e71880a0f401d7944454d94b63ed6bf44a2903827ae0eb863cba782ddf109beb04912773fb3eed6770a1186522c1c3a9c7fdc082c442185a5e37767373ed7
SSDEEP

24576:Cy3iMmha+EBM7PTew7n1xzEUfcUasjau:pyMmhaTyPT5n1xLfc7sa

Score

10^/10

redline maga infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

maga

C2

77.91.124.54:19071

Attributes

auth_value
9dd7a0be219be9b6228dc9b4e112b812

Targets

- Target
  
  8c03117d73c23707e5311e09a3dc8ef6f5e8539c6a39e504d4cb24e2f9fa4dd2
- Size
  
  855KB
- MD5
  
  018bdf0ee779b648c20dee7e58e6ff7b
- SHA1
  
  acdef7833e3f8dfd77a768298b6ca091e0a582d9
- SHA256
  
  8c03117d73c23707e5311e09a3dc8ef6f5e8539c6a39e504d4cb24e2f9fa4dd2
- SHA512
  
  0e2e71880a0f401d7944454d94b63ed6bf44a2903827ae0eb863cba782ddf109beb04912773fb3eed6770a1186522c1c3a9c7fdc082c442185a5e37767373ed7
- SSDEEP
  
  24576:Cy3iMmha+EBM7PTew7n1xzEUfcUasjau:pyMmhaTyPT5n1xLfc7sa
Score

10^/10

redline maga infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemagainfostealerpersistence