redline | 5e89e597ad75f0503c8fe5d495e39c836c5d8e12960c0b7dcb396f9829569054 | Triage

Sharing

General

Target

5e89e597ad75f0503c8fe5d495e39c836c5d8e12960c0b7dcb396f9829569054
Size

890KB
Sample

241110-h68fysvqdm
MD5

b0a709648e66ced4135978954cb072fa
SHA1

3e507e2c1d2b54404d45a0dfe31a7f0199065e4f
SHA256

5e89e597ad75f0503c8fe5d495e39c836c5d8e12960c0b7dcb396f9829569054
SHA512

bc8bfc1d8565e2637b686c6837ed5387687590379ed1a9a1912cbec30e152bb400d552261fbcf7e4807f6392327aa2fccc8b0ed93f563e2e91a8a4d19efdd56b
SSDEEP

24576:6ytsSPLQvnPR36AwEj/frWfcqjLWQlrVuXCSu:BtsTvPIkIBlxuXCS

Score

10^/10

redline dante gena discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

auth_value
f4066af6b8a6f23125c8ee48288a3f90

Targets

- Target
  
  5e89e597ad75f0503c8fe5d495e39c836c5d8e12960c0b7dcb396f9829569054
- Size
  
  890KB
- MD5
  
  b0a709648e66ced4135978954cb072fa
- SHA1
  
  3e507e2c1d2b54404d45a0dfe31a7f0199065e4f
- SHA256
  
  5e89e597ad75f0503c8fe5d495e39c836c5d8e12960c0b7dcb396f9829569054
- SHA512
  
  bc8bfc1d8565e2637b686c6837ed5387687590379ed1a9a1912cbec30e152bb400d552261fbcf7e4807f6392327aa2fccc8b0ed93f563e2e91a8a4d19efdd56b
- SSDEEP
  
  24576:6ytsSPLQvnPR36AwEj/frWfcqjLWQlrVuXCSu:BtsTvPIkIBlxuXCS
Score

10^/10

redline dante gena discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedantegenadiscoveryinfostealerpersistence