redline | 046e6b3d0b2e06e3bffb97a6e4149a028878e496d5d290a9ea686371355e93fe | Triage

Sharing

General

Target

046e6b3d0b2e06e3bffb97a6e4149a028878e496d5d290a9ea686371355e93fe
Size

1.2MB
Sample

241108-r243eawphk
MD5

88c34e9579d94f1ed6d575a5d3c3061e
SHA1

d18a2399b3f92b728a4b1da383c066dc3be0be38
SHA256

046e6b3d0b2e06e3bffb97a6e4149a028878e496d5d290a9ea686371355e93fe
SHA512

0c31cb8bf189a1808d3b1f1e1e1ab42b8a7ceac3637a6b51d2888aed728be52d96c1883a5a2b9cc90c5657f10e8d11d363e5d0f96a31893abf074ada0f75b4fb
SSDEEP

24576:qySKs2Dfs1fVSlffI8jm9SkiHvjeLeROtnrqsDCg65+nhkYmp/I9:xSamI3qzkSiRORrU5+n2JJI

Score

10^/10

redline doma discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  046e6b3d0b2e06e3bffb97a6e4149a028878e496d5d290a9ea686371355e93fe
- Size
  
  1.2MB
- MD5
  
  88c34e9579d94f1ed6d575a5d3c3061e
- SHA1
  
  d18a2399b3f92b728a4b1da383c066dc3be0be38
- SHA256
  
  046e6b3d0b2e06e3bffb97a6e4149a028878e496d5d290a9ea686371355e93fe
- SHA512
  
  0c31cb8bf189a1808d3b1f1e1e1ab42b8a7ceac3637a6b51d2888aed728be52d96c1883a5a2b9cc90c5657f10e8d11d363e5d0f96a31893abf074ada0f75b4fb
- SSDEEP
  
  24576:qySKs2Dfs1fVSlffI8jm9SkiHvjeLeROtnrqsDCg65+nhkYmp/I9:xSamI3qzkSiRORrU5+n2JJI
Score

10^/10

redline doma discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryinfostealerpersistence