redline | c37b8b2694e8bc574611b6a5b836cd526e69a1280a0ed4a5f4ea79b7955bfdcb | Triage

Sharing

General

Target

c37b8b2694e8bc574611b6a5b836cd526e69a1280a0ed4a5f4ea79b7955bfdcb
Size

1.1MB
Sample

241110-g2lkys1jd1
MD5

d04efcf28c84d2e6155ceb00fd2a5308
SHA1

bc4ea94317da10d266fe0dc0dae186dd8c0a160d
SHA256

c37b8b2694e8bc574611b6a5b836cd526e69a1280a0ed4a5f4ea79b7955bfdcb
SHA512

099bb4d9a550a0380ee24adca91125eb94a583593c8dc3705cb1266d2ad05d9334f4ccbb308bbd32d9194dbb975cd3bd0427f7e3d1833158422034470533bc9b
SSDEEP

24576:FyrZ5ibjR17fcgGeAkmWsODHg1A/qDixieaZBh8KhETx:gl5ibjR1rcgdEWsObYA0i8BSo

Score

10^/10

redline doma discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  c37b8b2694e8bc574611b6a5b836cd526e69a1280a0ed4a5f4ea79b7955bfdcb
- Size
  
  1.1MB
- MD5
  
  d04efcf28c84d2e6155ceb00fd2a5308
- SHA1
  
  bc4ea94317da10d266fe0dc0dae186dd8c0a160d
- SHA256
  
  c37b8b2694e8bc574611b6a5b836cd526e69a1280a0ed4a5f4ea79b7955bfdcb
- SHA512
  
  099bb4d9a550a0380ee24adca91125eb94a583593c8dc3705cb1266d2ad05d9334f4ccbb308bbd32d9194dbb975cd3bd0427f7e3d1833158422034470533bc9b
- SSDEEP
  
  24576:FyrZ5ibjR17fcgGeAkmWsODHg1A/qDixieaZBh8KhETx:gl5ibjR1rcgdEWsObYA0i8BSo
Score

10^/10

redline doma discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryinfostealerpersistence