redline | 28589d11de64c2aca84ac7b4b8bee3cd44f63dfc881ef0360af9f3c4325f9dd0 | Triage

Sharing

General

Target

28589d11de64c2aca84ac7b4b8bee3cd44f63dfc881ef0360af9f3c4325f9dd0
Size

1.1MB
Sample

241110-tzwpcstnbl
MD5

2af5ca35521f02df8b025f64f7f3b1b9
SHA1

e30b79fba299a5b0d4c43494669f46fa723c4977
SHA256

28589d11de64c2aca84ac7b4b8bee3cd44f63dfc881ef0360af9f3c4325f9dd0
SHA512

a5d77aec7933a3b00c68c35635b871ea6369ae806895893ff7014cf386efe6873eb8e1182b9dd15b1bfdc54f7a496498b7051e70d6109e633afb72199eb91ad0
SSDEEP

24576:Yy2wPn70ZOklnakgRXo8gnyvlNDMHNM6L:ffj00slcxvUH

Score

10^/10

redline doma discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  28589d11de64c2aca84ac7b4b8bee3cd44f63dfc881ef0360af9f3c4325f9dd0
- Size
  
  1.1MB
- MD5
  
  2af5ca35521f02df8b025f64f7f3b1b9
- SHA1
  
  e30b79fba299a5b0d4c43494669f46fa723c4977
- SHA256
  
  28589d11de64c2aca84ac7b4b8bee3cd44f63dfc881ef0360af9f3c4325f9dd0
- SHA512
  
  a5d77aec7933a3b00c68c35635b871ea6369ae806895893ff7014cf386efe6873eb8e1182b9dd15b1bfdc54f7a496498b7051e70d6109e633afb72199eb91ad0
- SSDEEP
  
  24576:Yy2wPn70ZOklnakgRXo8gnyvlNDMHNM6L:ffj00slcxvUH
Score

10^/10

redline doma discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryinfostealerpersistence