redline | 21c9f6b362d2208ebb34a35ba58d66e6c4211f6941bd0eafc647f593e70e4dd9 | Triage

Sharing

General

Target

21c9f6b362d2208ebb34a35ba58d66e6c4211f6941bd0eafc647f593e70e4dd9
Size

1.1MB
Sample

241109-s9tr3sxepj
MD5

fa5bebac4b4c77b743eef2081c8a2877
SHA1

2407d00dcffd6260f94fe1cbc19ae4d7687c1d2f
SHA256

21c9f6b362d2208ebb34a35ba58d66e6c4211f6941bd0eafc647f593e70e4dd9
SHA512

3a1e3f9110267f7757149928ab6c55959d2374279111ea91a538333e6371d8bd6f74d08259cda71314f61ddf2abe0c549ac1c02f93a8b5dc8af45ba2265c1972
SSDEEP

24576:PysL1s11Yerqr8YeZv28EDYHXEtEeq+YHL1WFTUThrF:asL1qYe/pQY3le/YHhWFT0

Score

10^/10

redline doma discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  21c9f6b362d2208ebb34a35ba58d66e6c4211f6941bd0eafc647f593e70e4dd9
- Size
  
  1.1MB
- MD5
  
  fa5bebac4b4c77b743eef2081c8a2877
- SHA1
  
  2407d00dcffd6260f94fe1cbc19ae4d7687c1d2f
- SHA256
  
  21c9f6b362d2208ebb34a35ba58d66e6c4211f6941bd0eafc647f593e70e4dd9
- SHA512
  
  3a1e3f9110267f7757149928ab6c55959d2374279111ea91a538333e6371d8bd6f74d08259cda71314f61ddf2abe0c549ac1c02f93a8b5dc8af45ba2265c1972
- SSDEEP
  
  24576:PysL1s11Yerqr8YeZv28EDYHXEtEeq+YHL1WFTUThrF:asL1qYe/pQY3le/YHhWFT0
Score

10^/10

redline doma discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryinfostealerpersistence