redline | 97d4a237fe486790506c1b033b4c1ef6c3305df5ae8fff3c1ef66f1ffa61e846 | Triage

Sharing

General

Target

97d4a237fe486790506c1b033b4c1ef6c3305df5ae8fff3c1ef66f1ffa61e846
Size

1.1MB
Sample

241110-1h3jxawalr
MD5

77525e9272fdeee016b6630335dddb34
SHA1

f5e33fbea6167b21fcd98f99dd6f32803e4feea2
SHA256

97d4a237fe486790506c1b033b4c1ef6c3305df5ae8fff3c1ef66f1ffa61e846
SHA512

a7491e89b217056c4267606c6b0e78d0018d69cdf6b331971320dd711e4db852f91f61be609046ca4af33717ef8fbc0358325644cf567b017702454f200386b2
SSDEEP

24576:CyttYsFPuAv2hZphAh9X589QfGYTLMOtyk48Y2FB+8f2iUxC2:pEkbuhZphAzEQeYTH1zFB+8gx

Score

10^/10

redline discovery infostealer persistence

Malware Config

Targets

- Target
  
  97d4a237fe486790506c1b033b4c1ef6c3305df5ae8fff3c1ef66f1ffa61e846
- Size
  
  1.1MB
- MD5
  
  77525e9272fdeee016b6630335dddb34
- SHA1
  
  f5e33fbea6167b21fcd98f99dd6f32803e4feea2
- SHA256
  
  97d4a237fe486790506c1b033b4c1ef6c3305df5ae8fff3c1ef66f1ffa61e846
- SHA512
  
  a7491e89b217056c4267606c6b0e78d0018d69cdf6b331971320dd711e4db852f91f61be609046ca4af33717ef8fbc0358325644cf567b017702454f200386b2
- SSDEEP
  
  24576:CyttYsFPuAv2hZphAh9X589QfGYTLMOtyk48Y2FB+8f2iUxC2:pEkbuhZphAzEQeYTH1zFB+8gx
Score

10^/10

redline discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistence