redline | 66963e9797bcc258ff5b5688dee97a3a3bc3c14594485eb37c560cd74de770ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66963e9797bcc258ff5b5688dee97a3a3bc3c14594485eb37c560cd74de770ac
Size

785KB
Sample

230921-h2g37sgb29
MD5

92fcb746384e89f998ba0d891915d385
SHA1

70db60b2f6fb553eda94b0229f446be36af446cc
SHA256

66963e9797bcc258ff5b5688dee97a3a3bc3c14594485eb37c560cd74de770ac
SHA512

baee4b65530f7162f524b961e8f8cbf149e3fd984452686f3c091a4dc7bc2b7fb99bac69e83ed2ddf208b18e50526798187804d2020a4bc659da6566d289e003
SSDEEP

24576:py6l7g//YPPG4KO9Q+XGPZ/fEjU/3jL+Jo:c6pg/QPeBOV6Z/8w/3j

Score

10^/10

redline buben infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

buben

C2

77.91.124.82:19071

Attributes

auth_value
c62fa04aa45f5b78f62d2c21fcbefdec

Targets

- Target
  
  66963e9797bcc258ff5b5688dee97a3a3bc3c14594485eb37c560cd74de770ac
- Size
  
  785KB
- MD5
  
  92fcb746384e89f998ba0d891915d385
- SHA1
  
  70db60b2f6fb553eda94b0229f446be36af446cc
- SHA256
  
  66963e9797bcc258ff5b5688dee97a3a3bc3c14594485eb37c560cd74de770ac
- SHA512
  
  baee4b65530f7162f524b961e8f8cbf149e3fd984452686f3c091a4dc7bc2b7fb99bac69e83ed2ddf208b18e50526798187804d2020a4bc659da6566d289e003
- SSDEEP
  
  24576:py6l7g//YPPG4KO9Q+XGPZ/fEjU/3jL+Jo:c6pg/QPeBOV6Z/8w/3j
Score

10^/10

redline buben infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebubeninfostealerpersistence