redline | cb1ca5a2563688ccdc4beb0596c1bc7c0581eaeb48fb7bb0785c866cd95721a7 | Triage

Sharing

General

Target

eaaae93cd2d238f68d7477c9332a7df5.bin
Size

670KB
Sample

230820-cvj2bsdb52
MD5

6ac6f4c4c56ed9faaa8423ea7bed6704
SHA1

64da84876a28647ee79544e605ad515b4292389b
SHA256

cb1ca5a2563688ccdc4beb0596c1bc7c0581eaeb48fb7bb0785c866cd95721a7
SHA512

f6f496b76c1e8d7febd58e9609bfe220d8fd1ade99e5532a346d8aec46254fc8d67c27921970a6365bc9c112e5077aeb2ed9e824d33c216fb23b1c63fd4c63ad
SSDEEP

12288:LDiCGCiX1gn1eN4iINzTYP3f6qqbTlE3QUIa4qiqFQUgj2Su4XyW7P8VdQqnSZRj:Lhxia1I4iYzkHV6hLHa4qisdSu4XNWQB

Score

10^/10

redline dugin infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dugin

C2

77.91.124.73:19071

Attributes

auth_value
7c3e46e091100fd26a6076996d374c28

Targets

- Target
  
  2b1d36fd7aa671cc8e0549345b02e9cddc2e00dce00268a647e89c0c976b8b0d.exe
- Size
  
  713KB
- MD5
  
  eaaae93cd2d238f68d7477c9332a7df5
- SHA1
  
  40fb01131ac0059dd18a2f6fb57f3b8b4a2ee8f8
- SHA256
  
  2b1d36fd7aa671cc8e0549345b02e9cddc2e00dce00268a647e89c0c976b8b0d
- SHA512
  
  8e6b1d9cbf2fa1dd5a1d288db0216110bded50461b7c35aa532f6ee642b3c74634871778e82660a30f93c2bca5d6f7ac95d7e0eb75996923545badcad754e69f
- SSDEEP
  
  12288:fMrYy90kot2xud1z5NWKyLGo99Os+cr88G1hsfQcYp02YD35HsQ38vs4Inb:Py1tudnN6LGo2s+0Yg/+Yr5HslsP
Score

10^/10

redline dugin infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedugininfostealerpersistence

behavioral2

redlinedugininfostealerpersistence