Overview

overview

10

Static

static

3

0d6ae7d3e5...46.exe

windows10-2004-x64

10

14841ccb83...75.exe

windows10-2004-x64

10

18e108c298...24.exe

windows7-x64

3

18e108c298...24.exe

windows10-2004-x64

10

2945802616...90.exe

windows10-2004-x64

10

3278025d1e...83.exe

windows10-2004-x64

10

3977873bc2...45.exe

windows10-2004-x64

10

3ee99efba0...30.exe

windows7-x64

3

3ee99efba0...30.exe

windows10-2004-x64

10

4111ebb7fa...25.exe

windows7-x64

3

4111ebb7fa...25.exe

windows10-2004-x64

10

5f784993eb...f4.exe

windows10-2004-x64

10

614cff5590...9a.exe

windows10-2004-x64

10

6286d393c9...52.exe

windows7-x64

3

6286d393c9...52.exe

windows10-2004-x64

10

6db47e7857...ad.exe

windows10-2004-x64

10

a0808edece...c8.exe

windows7-x64

3

a0808edece...c8.exe

windows10-2004-x64

10

a510057561...96.exe

windows10-2004-x64

10

d5f7db4382...70.exe

windows10-2004-x64

10

da4db9abb9...ce.exe

windows7-x64

3

da4db9abb9...ce.exe

windows10-2004-x64

10

ebfcc654cd...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    red.zip

  • Size

    7.6MB

  • Sample

    240513-nyc8qsea58

  • MD5

    d77ceed21d6bf4240fee5e5d6d945894

  • SHA1

    6c14f37490e67d3cbb9c6037b3d5cbe2d0f70427

  • SHA256

    15da805913716df9c587eca175c626571489f023cb679b69ed646c3e95ab5567

  • SHA512

    7b780f25c5e19f116609449a4f03cab5a736caeadf9d9a7e995b034a3368a4c4efff6c7db604883f87487c7977292fa60603189cc2126ad3fc542100ad183b71

  • SSDEEP

    196608:XsIAfs0VMG7acrRRcsxwE+sFKb5NiNpcq2gp9MjLnEZpto7:Xstfs0VMJ8oXZse5NiNX2U9GEZo7

Score
10/10
lummaredlinezgrat5345987420debrodermantindimaslogsdiller cloud (tg: @logsdillabot)mixadiscoveryevasioninfostealerpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Extracted

Family

redline

Botnet

dermantin

C2

94.156.67.67:21424

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/KE5Mft0T

Extracted

Family

lumma

C2

https://sofaprivateawarderysj.shop/api

https://lineagelasserytailsd.shop/api

https://tendencyportionjsuk.shop/api

https://headraisepresidensu.shop/api

https://appetitesallooonsj.shop/api

https://minorittyeffeoos.shop/api

https://prideconstituiiosjk.shop/api

https://smallelementyjdui.shop/api

Extracted

Family

redline

Botnet

dimas

C2

185.161.248.75:4132

Attributes
  • auth_value

    a5db9b1c53c704e612bccc93ccdb5539

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.77:6541

Targets

    • Target

      0d6ae7d3e5be5821154ac1fc5dc59650e00747b98e72de05210778baeb492046

    • Size

      769KB

    • MD5

      b940cff64bdb2a0d0e1d6152eb5ef29f

    • SHA1

      7ae2b67467336b2b48f0844fca241300a1c0e7c6

    • SHA256

      0d6ae7d3e5be5821154ac1fc5dc59650e00747b98e72de05210778baeb492046

    • SHA512

      4470e4261f05404453477988e6229cb26f2ccdf68c91be519083c1de0a96d931b53a6483951117ff30fe2526df92060939923e786dc9cea42e5c51eff1b6f505

    • SSDEEP

      24576:KyBySnIX1iI3LSYB5afKT+J2SQnliiCY:RBySO13L9T2KTQ21d

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

    • Target

      14841ccb83b8a3938282bf27ed0477e96b335c197b99c0745c4458eaaffd2675

    • Size

      488KB

    • MD5

      b940e87779e0ca65191e5bbe42eb07ed

    • SHA1

      3174c71e7342f7d7a8fa0dcb97d08d4d5ec09358

    • SHA256

      14841ccb83b8a3938282bf27ed0477e96b335c197b99c0745c4458eaaffd2675

    • SHA512

      14efb4d21f4c790ccc1c2f7c57987beaa93c658f445904eda469b62be672756fb489e38b392c8e3dc746d60644ac5f91accd10f89156a218e9cc9a49d1b44245

    • SSDEEP

      12288:0Mr5y90ev0/vEizqfMx4fi9pJqdIjNMmuZbn:Nyd0XESyfST+muVn

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral2

    • Target

      18e108c298d2a23bcafda5d40c21ffd67b48c2f5429a8b8f5864e593a83eb424

    • Size

      1.2MB

    • MD5

      ba43a528f7fd3adeb654275bdc4ea190

    • SHA1

      ab793efc8a0f94623c5245e0c96aaad56dad1f25

    • SHA256

      18e108c298d2a23bcafda5d40c21ffd67b48c2f5429a8b8f5864e593a83eb424

    • SHA512

      fbfe187af23227e5778e5cee956f8649a0c93beff29e0647aedaf1feda17cd6c020254369f27b9d919f159e1d5160a3cd5e93f24a3db474ec84910e3e2bcc558

    • SSDEEP

      24576:SJXqijJIK8li6v93Ohh/DMsYpJiDR9fM2EgtyPs:SJ6xli6v93OHS+02Els

    Score
    10/10
    redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      29458026160d87414595e05c8bdd81a3b5dd948821f3acc4531a2399f9572790

    • Size

      316KB

    • MD5

      c1fa4d7116f1f4ed68bc4ede8f0d4324

    • SHA1

      e53a72d74ed0a5cdcd25d31bc2587c47b473dba6

    • SHA256

      29458026160d87414595e05c8bdd81a3b5dd948821f3acc4531a2399f9572790

    • SHA512

      e66d57fa6dd0e997f3f79860dd14773df52e9fa95194d63169b74b406e578b5e946c0627e39581fa122e48cf2fb6f773c447852b716e906d5e55922c751ed99e

    • SSDEEP

      6144:Kgy+bnr+Fp0yN90QEQ6vZrMgXGma0+qSNF1liaHp7Z76:AMrZy90SmNRGfNTpM

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral5

    • Target

      3278025d1e04a04ac2f71eee12369519dc740aa56b0c1b1c3dcb1b7aabb05683

    • Size

      316KB

    • MD5

      bd39cf13e2ab6edeb723846ac6c64043

    • SHA1

      2964830d116bab18d0b3577d3f8bb412b521531f

    • SHA256

      3278025d1e04a04ac2f71eee12369519dc740aa56b0c1b1c3dcb1b7aabb05683

    • SHA512

      2ccee99d9c799574162a8fcb005087be2a99cbecedca29608d6c72120a36e2d57aa7f443ac28804f6e5ab71d9a4999a0bc0082a549597a06e71e917d164ecd99

    • SSDEEP

      6144:Kmy+bnr+Np0yN90QEa96G62nMGYFGOke3xBhi+hJmdNU16JO6+kH:yMrVy90+g2MRFGgThi+hQdNRLv

    Score
    10/10
    redlinedebroinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral6

    • Target

      3977873bc268ae6753444ae27567678d7b4f321c373d4aacda1270a4232fd045

    • Size

      488KB

    • MD5

      b7c4563fa302629d4ebcf1f4048cc461

    • SHA1

      9d329d67b692668e3d703cb506773bde5ef15de2

    • SHA256

      3977873bc268ae6753444ae27567678d7b4f321c373d4aacda1270a4232fd045

    • SHA512

      723267956cd1cc13c5545772fbc6827e9303321be7975c1f812a9598b6bb624a16c2814c07af2701d47e01cf7ef626f2bf7d06224d8456d873e29c4bde9b6f69

    • SSDEEP

      12288:EMr1y90oGSWE26NkBjo4f9fpVpvkKJqLE:JyJ3N0nfrV7QI

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral7

    • Target

      3ee99efba0a08acf1fb339b90e092de6608570d79e9eab1c5b99e8734c43eb30

    • Size

      368KB

    • MD5

      bab4b0f37de3c278af5a7709e98672cd

    • SHA1

      6b382dcdadacd3b98c4fe2851b9b7cc3e92507f4

    • SHA256

      3ee99efba0a08acf1fb339b90e092de6608570d79e9eab1c5b99e8734c43eb30

    • SHA512

      ef5f03e1ff39b0e6371f684655e5023dc437cd38f5145c5e070d0fbb3801aa967b5bfa7c74030b178564bd22d1287738b12b2c1b58c8880cb0a5d94aaa8ed0f7

    • SSDEEP

      6144:BOG9AjZTg9JRdYLdiYFv/hiKGWDDT7IKkttUyAYLJonoTHwg+spt:UQA+9IvAKtPQPxlOno6spt

    Score
    10/10
    redlinezgratdiscoveryinfostealerratspywarestealer

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral8behavioral9

    • Target

      4111ebb7fae57f66063a32adb1209c583eab0ef408bb86ce4daf6bf2884c1225

    • Size

      1.2MB

    • MD5

      b7a68c907aedd472561612e4c3349bfb

    • SHA1

      84a0569640f30c74b1109f13aed881f4d1fdbfc2

    • SHA256

      4111ebb7fae57f66063a32adb1209c583eab0ef408bb86ce4daf6bf2884c1225

    • SHA512

      1b14117e9b58a07ad26270e83aa90510f2febaaf6e9889c68fabf961205ec9890f45db5f5a41100df12ace34475205df6aeda28470a48b68b276cfb336b34252

    • SSDEEP

      24576:yBXCi7JIK8li6v93OhlvTMsY5BeDU8zwcXbig8mqOs7s:yBSJli6v93OLih8z5LIV7s

    Score
    10/10
    redlinedermantindiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral10behavioral11

    • Target

      5f784993eb49400b6627e2bc0859e4246e62553f43f1479a65970f34a16765f4

    • Size

      488KB

    • MD5

      c627279a62524fb565ab6f7276d732fa

    • SHA1

      40108ea192debc9e222f74ece2675088a499a266

    • SHA256

      5f784993eb49400b6627e2bc0859e4246e62553f43f1479a65970f34a16765f4

    • SHA512

      fdcfb05f815c0f54feac84dcc1e3d7ea94616e07d07c6c14783395c4c87a8db0e718b4ca02e6d4289a04a5d2e54ce5e55f6c0eb24489c3521d879dd0cf93fb31

    • SSDEEP

      12288:pMr2y90uFg/8qrJuYVDUzYJsALHSc4f4Apwwz5SMutyJ7f:rygrVxWhALH2fDwY5bOyJj

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral12

    • Target

      614cff559007c756d485e21c8344fe2ac72354f9e4af563e870926f665edb39a

    • Size

      770KB

    • MD5

      bd6694c7f76fdba409fc12ba82452d8c

    • SHA1

      f079703f5a5c0e84c2eef5a5d51b2fd211d0a27f

    • SHA256

      614cff559007c756d485e21c8344fe2ac72354f9e4af563e870926f665edb39a

    • SHA512

      f96d600abd6c2607607d3e92c0347ca20d7c0f3fa1c1e0b09d0426de9ddae3340abb38e6fcf31d9f28473e98f548460a0cc7d1c8414cf0a7390c40a967cb002a

    • SSDEEP

      12288:mMrxy90t+1umrLE/nguxpZ0lNlMGhoX/cBtT3vHoMGcOFTUcXn4:Hyc+1Bq7mMv+F3QHRFTq

    Score
    10/10
    redlinedebroinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral13

    • Target

      6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652

    • Size

      315KB

    • MD5

      bf89c72f6388b3884699e8081c8314c4

    • SHA1

      587f7e952669cc84756181deff315132cba078d4

    • SHA256

      6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652

    • SHA512

      fa90330bb2e3a16579de6ae76bda2371b7e18e246ebcaa7432d010f2743e944bbf5e494941bb2d3192cc4816fa97e64cefe31f61817cd6cf18b38e9cc81b02ce

    • SSDEEP

      6144:pR99pI60nbM8uPZy3+8KIDP3uSEykJUxDyvPH3ef5AvnKXHS:pr9+60nbnuY3PEykJ2M3ehAsHS

    Score
    10/10
    redline5345987420discoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral14behavioral15

    • Target

      6db47e78576c4401e9d49332fe0479198b85c1913b8a65624e06be057a343bad

    • Size

      316KB

    • MD5

      c13ab6261c8e7b7b6174fb70648b1d0f

    • SHA1

      1c74fde2abadc91323c2b67cfd4e7f6fcb6af361

    • SHA256

      6db47e78576c4401e9d49332fe0479198b85c1913b8a65624e06be057a343bad

    • SHA512

      daf136cdce7e32781e8ca92685bfdde573332123922331c82fadbcc096f64dbe662fc31e7907e57d488c7ae650593f8cb67d92d70ce89621490448d662e598d1

    • SSDEEP

      6144:Kvy+bnr+hp0yN90QEY6vZrMgX3eYK41E8OBURKaJZJ:lMrxy90emN3rKWOmEa/J

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral16

    • Target

      a0808edece606fc3c1a99c4b3de0d8a52146b27ab322c37bac9a2d6b917694c8

    • Size

      1.2MB

    • MD5

      bb41d5f97d231a988fb04438808e0257

    • SHA1

      e48735903d4bf5c9b24848cdf1bb5e1368ee27ad

    • SHA256

      a0808edece606fc3c1a99c4b3de0d8a52146b27ab322c37bac9a2d6b917694c8

    • SHA512

      916ccd86d49de6863e666e7622e0b3322d6506feaa68db86b15e28c3c6e2dc07769adb24b206d0c04e0025c37110bc2c105934638a30d397e64cff3e0fdf5a2c

    • SSDEEP

      24576:m7Tti2iBHFlaamX//waFYMsaFn7DET0B0m5TmOus:m7RilaamX//7BI0B0mgOus

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral17behavioral18

    • Target

      a510057561b44d36bd440745b4ad2a685c2d3db022032dc54586c96a3cae4896

    • Size

      769KB

    • MD5

      bae0e7cc8632ec0d3567370dbd9c1888

    • SHA1

      097e313faf79ed043a66e80f181303d3156291df

    • SHA256

      a510057561b44d36bd440745b4ad2a685c2d3db022032dc54586c96a3cae4896

    • SHA512

      a3f5598565af81f2c5c485dde39705011db7a1572ab437c43a73116c4063a5a6932842315ced8c4ac1aa6f2b64a0c162830143c098ce9c372517560c253fdd72

    • SSDEEP

      12288:hMrvy90390YhABZS1mX5sMfUnpJrvfKMJjeFGKcBKjiNJ93UOEknWR4+:ayIPhABZQm1fGJLKM+GLBKjmnnNW++

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral19

    • Target

      d5f7db438217721663938572626a0da7dca7a55289f9e3f27849dc176c1d7570

    • Size

      316KB

    • MD5

      b5adb49812a5bb1c30c1fd2e1a53a3a2

    • SHA1

      c1acbb3aeeb052734fe08c09dc80b9492a8ede80

    • SHA256

      d5f7db438217721663938572626a0da7dca7a55289f9e3f27849dc176c1d7570

    • SHA512

      336740401f5c1f1f5fa40ad1a16174d57c3b12739c07e0dad616dda7aa722f7d2d3f116cfd7efc0b54cefeccbab401c62392c346609bf59f240a83a059d9d981

    • SSDEEP

      6144:KBy+bnr+9p0yN90QEV6vZrMgX3eYK41E8OBURKaJ2KV:rMrVy90rmN3rKWOmEaYKV

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral20

    • Target

      da4db9abb9d0cb7a316fb229c93429667dc9006f687abf34a56c3627b86536ce

    • Size

      1.2MB

    • MD5

      bafb91181b008d29d93cfcda09d0cedb

    • SHA1

      3b8ad0192652c669743a5791436721f78c676b9e

    • SHA256

      da4db9abb9d0cb7a316fb229c93429667dc9006f687abf34a56c3627b86536ce

    • SHA512

      9bbcc7b3c7ead621ebd2aadc8c584e91829f874725a8f14c4dd00a27e6ecd974acf97f0d1969cc4b5a369f7895dcb304e89794384ac80be1c6c05282e4bf2065

    • SSDEEP

      24576:vKxiiAH280V6GfVDeRzFZMskrfQD5/tMHxh0ha57CQ1W6/s:vKAOV6GfVDePe+6RhL5A6/s

    Score
    10/10
    redlinezgratdiscoveryinfostealerratspywarestealer

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral21behavioral22

    • Target

      ebfcc654cdacff2dc1478f389cd7a39a61745e5ac937eab5fbd8fe64700f3196

    • Size

      307KB

    • MD5

      2aef580c2e5dd554165fd0943e77fdf5

    • SHA1

      09fbcc71dfcd5862d67c89a1330c1078ec0924e9

    • SHA256

      ebfcc654cdacff2dc1478f389cd7a39a61745e5ac937eab5fbd8fe64700f3196

    • SHA512

      cadf5a120c7eacec5275fc65397d6a3049cef92cc351f96a973a72e63ae2269eac2579b2067ddf9d6d0eb02adc0ea69914dc62711964a8d69e5076d8f8db566e

    • SSDEEP

      6144:Kjy+bnr+yp0yN90QEhop7pqcJz1ebq2SgfinjYeDah:BMrGy90Xop7pl4G2SgwYe+

    Score
    10/10
    redlinedimasinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

4
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral2

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral3

Score
3/10

behavioral4

redlinelogsdiller cloud (tg: @logsdillabot)discoveryinfostealerspywarestealer
Score
10/10

behavioral5

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral6

redlinedebroinfostealerpersistence
Score
10/10

behavioral7

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral8

Score
3/10

behavioral9

redlinezgratdiscoveryinfostealerratspywarestealer
Score
10/10

behavioral10

Score
3/10

behavioral11

redlinedermantindiscoveryinfostealerspywarestealer
Score
10/10

behavioral12

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral13

redlinedebroinfostealerpersistence
Score
10/10

behavioral14

Score
3/10

behavioral15

redline5345987420discoveryinfostealer
Score
10/10

behavioral16

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral17

Score
3/10

behavioral18

lummastealer
Score
10/10

behavioral19

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral20

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral21

Score
3/10

behavioral22

redlinezgratdiscoveryinfostealerratspywarestealer
Score
10/10

behavioral23

redlinedimasinfostealerpersistence
Score
10/10