redline | 53781320492e0f0c4cf79ef1051c2246d15f9345a244fcb0b5baf36233acb932 | Triage

Sharing

General

Target

new2.0.exe.exe
Size

8.0MB
Sample

240809-nbkpasterg
MD5

d65be986166e494add52327ba4903a9a
SHA1

e52c30ba421a34037f058e00df0b312a2ca80d09
SHA256

53781320492e0f0c4cf79ef1051c2246d15f9345a244fcb0b5baf36233acb932
SHA512

ee1625125c2ee21ea12641147b0149ac57f9f0dca049b372acd03351fed891f11e9231605d4d757dbb054489af88fdf1132288c2a22a0c0acfe31ba429898e85
SSDEEP

24576:lPZY3DT9mHpSV27rQLaA9sEfPMemlGcOnckMsb+lxbl:s3UpSQsH2g7nckLmbl

Score

10^/10

redline ld727 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

LD727

C2

88.99.151.68:7200

Targets

- Target
  
  new2.0.exe.exe
- Size
  
  8.0MB
- MD5
  
  d65be986166e494add52327ba4903a9a
- SHA1
  
  e52c30ba421a34037f058e00df0b312a2ca80d09
- SHA256
  
  53781320492e0f0c4cf79ef1051c2246d15f9345a244fcb0b5baf36233acb932
- SHA512
  
  ee1625125c2ee21ea12641147b0149ac57f9f0dca049b372acd03351fed891f11e9231605d4d757dbb054489af88fdf1132288c2a22a0c0acfe31ba429898e85
- SSDEEP
  
  24576:lPZY3DT9mHpSV27rQLaA9sEfPMemlGcOnckMsb+lxbl:s3UpSQsH2g7nckLmbl
Score

10^/10

redline ld727 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineld727discoveryinfostealer

behavioral2

redlineld727discoveryinfostealer