redline | 9eb005eeac5d582bc3a490b2c35f720e73d0ad19292cf297a0b93c70ce7e2fa7 | Triage

Sharing

General

Target

9eb005eeac5d582bc3a490b2c35f720e73d0ad19292cf297a0b93c70ce7e2fa7
Size

696KB
Sample

230921-ns3w7sfg5s
MD5

37f9a50aa72a4e981856d313d839b505
SHA1

1aaf01b4080bbb9b27e0eb66d9bf1e0014d93cd7
SHA256

9eb005eeac5d582bc3a490b2c35f720e73d0ad19292cf297a0b93c70ce7e2fa7
SHA512

1b3cdc274d5de5dcd7a6624410e7f01256229c42c1fefdf8671abf7fcc7fd467dcfcc7ebac63dd2911cff1b38061cc2dc5e5a3a456c06fc0ff93f27ca9462517
SSDEEP

12288:oMr5y90dD8gvqLQejnQYdkFAfYpQ+Z2eIRTXgT8ZIe:hyJJLNjnTmY+Z2TR7ae

Score

10^/10

redline buben infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

buben

C2

77.91.124.82:19071

Attributes

auth_value
c62fa04aa45f5b78f62d2c21fcbefdec

Targets

- Target
  
  9eb005eeac5d582bc3a490b2c35f720e73d0ad19292cf297a0b93c70ce7e2fa7
- Size
  
  696KB
- MD5
  
  37f9a50aa72a4e981856d313d839b505
- SHA1
  
  1aaf01b4080bbb9b27e0eb66d9bf1e0014d93cd7
- SHA256
  
  9eb005eeac5d582bc3a490b2c35f720e73d0ad19292cf297a0b93c70ce7e2fa7
- SHA512
  
  1b3cdc274d5de5dcd7a6624410e7f01256229c42c1fefdf8671abf7fcc7fd467dcfcc7ebac63dd2911cff1b38061cc2dc5e5a3a456c06fc0ff93f27ca9462517
- SSDEEP
  
  12288:oMr5y90dD8gvqLQejnQYdkFAfYpQ+Z2eIRTXgT8ZIe:hyJJLNjnTmY+Z2TR7ae
Score

10^/10

redline buben infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebubeninfostealerpersistence