redline | b56c702616666610a6fc34fe749a5a4baa826d0944ed942d4b4bca127688527f | Triage

Sharing

General

Target

b56c702616666610a6fc34fe749a5a4baa826d0944ed942d4b4bca127688527f
Size

567KB
Sample

241110-njeg9aypaq
MD5

1481ba15438c991cb67cd4be168b37ec
SHA1

f932a615b942ace5bb4b2eaf34f13e9b09d63cdc
SHA256

b56c702616666610a6fc34fe749a5a4baa826d0944ed942d4b4bca127688527f
SHA512

20ba6a1514e314ad8c5c60cac555d784efbf1803965804b7055f9472d03360d6c12852e8c2b6f4305b3ccbf5be31f5f5b3b49c52e6a373fabe2892829857e0c5
SSDEEP

12288:SMrZy90YofzybScnxHlgcgT/E6ppYCZyNFkIBBaa0Me9P:TyfeODnFlqTc6vFZyNFKFMe9P

Score

10^/10

redline darm discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  b56c702616666610a6fc34fe749a5a4baa826d0944ed942d4b4bca127688527f
- Size
  
  567KB
- MD5
  
  1481ba15438c991cb67cd4be168b37ec
- SHA1
  
  f932a615b942ace5bb4b2eaf34f13e9b09d63cdc
- SHA256
  
  b56c702616666610a6fc34fe749a5a4baa826d0944ed942d4b4bca127688527f
- SHA512
  
  20ba6a1514e314ad8c5c60cac555d784efbf1803965804b7055f9472d03360d6c12852e8c2b6f4305b3ccbf5be31f5f5b3b49c52e6a373fabe2892829857e0c5
- SSDEEP
  
  12288:SMrZy90YofzybScnxHlgcgT/E6ppYCZyNFkIBBaa0Me9P:TyfeODnFlqTc6vFZyNFKFMe9P
Score

10^/10

redline darm discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarmdiscoveryinfostealerpersistence