redline | a2428add09ecd5325ce9a602550984188d162eecb2825ea6c52cb8fb1ea2683a | Triage

Sharing

General

Target

a2428add09ecd5325ce9a602550984188d162eecb2825ea6c52cb8fb1ea2683a
Size

1.1MB
Sample

241110-vadmxs1dqa
MD5

e63248f1b85279aca6ae445ed6eeed8e
SHA1

87cdf186105225e784d4805b682e866af3ed92c1
SHA256

a2428add09ecd5325ce9a602550984188d162eecb2825ea6c52cb8fb1ea2683a
SHA512

08bd1cfe6552016908cf8a60606042ce069ebff0952cd86cea745934b310ebb334a49fe45d15d3a787cc2346821cecf5486779cc27b62d8181979afa499d2102
SSDEEP

24576:hyH2NWIfzXZ4tu+FzKFiWI5QKH5zDP3HK9KeNvlR9fn6j9LUZwgYXw:UWN7rg+iBZzDPyNNLyj9Q6X

Score

10^/10

redline doma discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  a2428add09ecd5325ce9a602550984188d162eecb2825ea6c52cb8fb1ea2683a
- Size
  
  1.1MB
- MD5
  
  e63248f1b85279aca6ae445ed6eeed8e
- SHA1
  
  87cdf186105225e784d4805b682e866af3ed92c1
- SHA256
  
  a2428add09ecd5325ce9a602550984188d162eecb2825ea6c52cb8fb1ea2683a
- SHA512
  
  08bd1cfe6552016908cf8a60606042ce069ebff0952cd86cea745934b310ebb334a49fe45d15d3a787cc2346821cecf5486779cc27b62d8181979afa499d2102
- SSDEEP
  
  24576:hyH2NWIfzXZ4tu+FzKFiWI5QKH5zDP3HK9KeNvlR9fn6j9LUZwgYXw:UWN7rg+iBZzDPyNNLyj9Q6X
Score

10^/10

redline doma discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryinfostealerpersistence