redline | d619cd70c85869ded3aef847689945ebcb35cf743f24e3aa7396e15ec557303a | Triage

Sharing

General

Target

d619cd70c85869ded3aef847689945ebcb35cf743f24e3aa7396e15ec557303a
Size

784KB
Sample

230921-mtd4sshe32
MD5

51c9ee25aaa18e5d6f4e972d5d5cfd2d
SHA1

b41cd9b3bbc50eec073ba951d043d50855249b52
SHA256

d619cd70c85869ded3aef847689945ebcb35cf743f24e3aa7396e15ec557303a
SHA512

798ff8d4f18301ce40f56c7b61dd9d182143ddde9af68c0af4d057a40e7ce7a3519238494a858a1d74ebb355de1e93acd60b9f1eafd01b5ddf21a1267211e192
SSDEEP

12288:TMrIy90KTex558mXKEFPItyzOYDnlrO3gnRr9rSYZA6NgCNzPrp9h/KcUEG7G0BW:TyF+8mNatyzxDl62dSGNDd9MEklBW

Score

10^/10

redline buben infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

buben

C2

77.91.124.82:19071

Attributes

auth_value
c62fa04aa45f5b78f62d2c21fcbefdec

Targets

- Target
  
  d619cd70c85869ded3aef847689945ebcb35cf743f24e3aa7396e15ec557303a
- Size
  
  784KB
- MD5
  
  51c9ee25aaa18e5d6f4e972d5d5cfd2d
- SHA1
  
  b41cd9b3bbc50eec073ba951d043d50855249b52
- SHA256
  
  d619cd70c85869ded3aef847689945ebcb35cf743f24e3aa7396e15ec557303a
- SHA512
  
  798ff8d4f18301ce40f56c7b61dd9d182143ddde9af68c0af4d057a40e7ce7a3519238494a858a1d74ebb355de1e93acd60b9f1eafd01b5ddf21a1267211e192
- SSDEEP
  
  12288:TMrIy90KTex558mXKEFPItyzOYDnlrO3gnRr9rSYZA6NgCNzPrp9h/KcUEG7G0BW:TyF+8mNatyzxDl62dSGNDd9MEklBW
Score

10^/10

redline buben infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebubeninfostealerpersistence