redline | 72e4d5cecbe8985936bf65f12005825229bfb0ff68d6ed2e3fa8a9bcea0da492 | Triage

Sharing

General

Target

72e4d5cecbe8985936bf65f12005825229bfb0ff68d6ed2e3fa8a9bcea0da492
Size

642KB
Sample

241110-dhefrayalr
MD5

2468172af731a4376e66af09b93d4599
SHA1

44d273cd751c82ac61409e9e4079a08b837bb840
SHA256

72e4d5cecbe8985936bf65f12005825229bfb0ff68d6ed2e3fa8a9bcea0da492
SHA512

44baa8c6455cc10c3596d6d10d2be2974da1a6bf9175cd9e191de1f5dff1f0b6f61e2309e45bcca68ed8d6f9bfbbbebde4ce04799ab2aaef24900e22dca6b117
SSDEEP

12288:gMrHy90H3z3IUxyH2SqkaakXZsbgKZNy22+XH4ikkI6W:XyATIvBEXsgE8i34i2

Score

10^/10

redline darm discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  72e4d5cecbe8985936bf65f12005825229bfb0ff68d6ed2e3fa8a9bcea0da492
- Size
  
  642KB
- MD5
  
  2468172af731a4376e66af09b93d4599
- SHA1
  
  44d273cd751c82ac61409e9e4079a08b837bb840
- SHA256
  
  72e4d5cecbe8985936bf65f12005825229bfb0ff68d6ed2e3fa8a9bcea0da492
- SHA512
  
  44baa8c6455cc10c3596d6d10d2be2974da1a6bf9175cd9e191de1f5dff1f0b6f61e2309e45bcca68ed8d6f9bfbbbebde4ce04799ab2aaef24900e22dca6b117
- SSDEEP
  
  12288:gMrHy90H3z3IUxyH2SqkaakXZsbgKZNy22+XH4ikkI6W:XyATIvBEXsgE8i34i2
Score

10^/10

redline darm discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarmdiscoveryinfostealerpersistence