redline | 7532376c15f6a96575fc6c50fe17ece91da6d58231142956ee57eeda7ddf892b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7532376c15f6a96575fc6c50fe17ece91da6d58231142956ee57eeda7ddf892b
Size

773KB
Sample

241109-n78q1asrgx
MD5

d17a9f22293a2db775cac239d7245f10
SHA1

c8fb6846483ce3dd5f1120347e3bc196382fadff
SHA256

7532376c15f6a96575fc6c50fe17ece91da6d58231142956ee57eeda7ddf892b
SHA512

be8af24be716617a7d11988ba0a0b6500d5970e56381bdc66f15f2136f7bbf0658d1e7aa16ce6da2fb7bb0ad1aecdb6d52b512ac71a1f5c7f1c7cc6def84ce38
SSDEEP

24576:1yinnavX34dYebWDYqr7P1OC9BE5hXezUZl1:QinvdqDYo/Evez

Score

10^/10

redline dante gena discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

auth_value
f4066af6b8a6f23125c8ee48288a3f90

Targets

- Target
  
  7532376c15f6a96575fc6c50fe17ece91da6d58231142956ee57eeda7ddf892b
- Size
  
  773KB
- MD5
  
  d17a9f22293a2db775cac239d7245f10
- SHA1
  
  c8fb6846483ce3dd5f1120347e3bc196382fadff
- SHA256
  
  7532376c15f6a96575fc6c50fe17ece91da6d58231142956ee57eeda7ddf892b
- SHA512
  
  be8af24be716617a7d11988ba0a0b6500d5970e56381bdc66f15f2136f7bbf0658d1e7aa16ce6da2fb7bb0ad1aecdb6d52b512ac71a1f5c7f1c7cc6def84ce38
- SSDEEP
  
  24576:1yinnavX34dYebWDYqr7P1OC9BE5hXezUZl1:QinvdqDYo/Evez
Score

10^/10

redline dante gena discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedantegenadiscoveryinfostealerpersistence