redline | 96eca3c6fe369f4ec20732a3a05b2d51e2d9d91c668d013dc147f060faaac911 | Triage

Sharing

General

Target

96eca3c6fe369f4ec20732a3a05b2d51e2d9d91c668d013dc147f060faaac911
Size

554KB
Sample

241110-d8k18asjdl
MD5

5f0771a3162b4c6aad60f9d59a12373b
SHA1

817debde0cff0c7fe4c56050febb38ae4449b259
SHA256

96eca3c6fe369f4ec20732a3a05b2d51e2d9d91c668d013dc147f060faaac911
SHA512

337c1cceaad320afc06bd76280f87100a1c779b7b0b1d1dfcb6f2f4ca68ad8fbd7917ac0114f052c6ebff95ff1939ff233fca7d5ec5768873257212e3f1fdc04
SSDEEP

12288:vMrUy90/hszTQhgFth7+4rlA5E+bhQ9s7nDP+:Py5zTQhgR7Pl2h7Dm

Score

10^/10

redline darm discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  96eca3c6fe369f4ec20732a3a05b2d51e2d9d91c668d013dc147f060faaac911
- Size
  
  554KB
- MD5
  
  5f0771a3162b4c6aad60f9d59a12373b
- SHA1
  
  817debde0cff0c7fe4c56050febb38ae4449b259
- SHA256
  
  96eca3c6fe369f4ec20732a3a05b2d51e2d9d91c668d013dc147f060faaac911
- SHA512
  
  337c1cceaad320afc06bd76280f87100a1c779b7b0b1d1dfcb6f2f4ca68ad8fbd7917ac0114f052c6ebff95ff1939ff233fca7d5ec5768873257212e3f1fdc04
- SSDEEP
  
  12288:vMrUy90/hszTQhgFth7+4rlA5E+bhQ9s7nDP+:Py5zTQhgR7Pl2h7Dm
Score

10^/10

redline darm discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarmdiscoveryinfostealerpersistence