redline | 037e3c0438df3ca6c2ed70f9dd643af405c24f781582d31a3a8a4a1abbb5c3db | Triage

Sharing

General

Target

39abc7e51cd24df294743a12613db3d0_NEIKI
Size

371KB
Sample

240507-z7wl8abc75
MD5

39abc7e51cd24df294743a12613db3d0
SHA1

c7487934f9a0ffd8a086e395cb02d4eaadc0bbc5
SHA256

037e3c0438df3ca6c2ed70f9dd643af405c24f781582d31a3a8a4a1abbb5c3db
SHA512

2183b2a476af5025aba99be782f13002066ea87031f4f41a65d2ffe845bf4b441955909954bd6a432497cedbb93c64ce589534e4ea005c261d0f4cdd78fdd816
SSDEEP

6144:sMip0yN90QEQmKItMqxYr0oXTujDKflckhQWecDhmkNt1GGgFe5C6Re0JJv:1y90CSSEloXYDKN/egm+GTFe5F1JN

Score

10^/10

redline most infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

auth_value
7da4dfa153f2919e617aa016f7c36008

Targets

- Target
  
  39abc7e51cd24df294743a12613db3d0_NEIKI
- Size
  
  371KB
- MD5
  
  39abc7e51cd24df294743a12613db3d0
- SHA1
  
  c7487934f9a0ffd8a086e395cb02d4eaadc0bbc5
- SHA256
  
  037e3c0438df3ca6c2ed70f9dd643af405c24f781582d31a3a8a4a1abbb5c3db
- SHA512
  
  2183b2a476af5025aba99be782f13002066ea87031f4f41a65d2ffe845bf4b441955909954bd6a432497cedbb93c64ce589534e4ea005c261d0f4cdd78fdd816
- SSDEEP
  
  6144:sMip0yN90QEQmKItMqxYr0oXTujDKflckhQWecDhmkNt1GGgFe5C6Re0JJv:1y90CSSEloXYDKN/egm+GTFe5F1JN
Score

10^/10

redline most infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinemostinfostealerpersistence