redline | 9ab1777a5d1eacf950625f928c6931b52a368ec796cef28ad7d278a789d4f7f3 | Triage

Sharing

General

Target

9ab1777a5d1eacf950625f928c6931b52a368ec796cef28ad7d278a789d4f7f3
Size

1.1MB
Sample

241108-zm1qfaskdk
MD5

4c5582d488ea2c9ecaaa808c55af8a83
SHA1

2115fbf675638285890dd53636396a5f9606a510
SHA256

9ab1777a5d1eacf950625f928c6931b52a368ec796cef28ad7d278a789d4f7f3
SHA512

49d9c0349286187c33486051e3c4c3ea1f3a22781d66447b80849d9f336ebd670150f741cf691036d9078da1530352f422c86663749146d577b24e7bc92a2d3f
SSDEEP

24576:kyUNx3Q7qmNEwUuno5+m55cDm6529nNRVoumEAEV47tAajDR2wad4:zKx3QrHq+m55cDb5EN7H2EVctActk

Score

10^/10

redline doma discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  9ab1777a5d1eacf950625f928c6931b52a368ec796cef28ad7d278a789d4f7f3
- Size
  
  1.1MB
- MD5
  
  4c5582d488ea2c9ecaaa808c55af8a83
- SHA1
  
  2115fbf675638285890dd53636396a5f9606a510
- SHA256
  
  9ab1777a5d1eacf950625f928c6931b52a368ec796cef28ad7d278a789d4f7f3
- SHA512
  
  49d9c0349286187c33486051e3c4c3ea1f3a22781d66447b80849d9f336ebd670150f741cf691036d9078da1530352f422c86663749146d577b24e7bc92a2d3f
- SSDEEP
  
  24576:kyUNx3Q7qmNEwUuno5+m55cDm6529nNRVoumEAEV47tAajDR2wad4:zKx3QrHq+m55cDb5EN7H2EVctActk
Score

10^/10

redline doma discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryinfostealerpersistence