redline | c26239503045e7e73f02b845d4003312af574fbc43adce4aa0aaed9e54e9c1e4 | Triage

Sharing

General

Target

c26239503045e7e73f02b845d4003312af574fbc43adce4aa0aaed9e54e9c1e4
Size

479KB
Sample

241111-ac622axhjp
MD5

a965b4a49b8f3edc9d6a25fecb9b88f8
SHA1

3e0ecd0dc2afa7c6a1dbe3e1985f6c67d5dde848
SHA256

c26239503045e7e73f02b845d4003312af574fbc43adce4aa0aaed9e54e9c1e4
SHA512

a1be38f64acf22a4e9c12561713f7781dd3edf23c2653b79d0d56903bb4b5584288a425db8bd396458053a9b6bc1274e59b8f854a3faa5566285b2159348856d
SSDEEP

12288:xMrDy907k6kCViKjm5t2p3Gg/6TL+yqr6Tlbz6VRHR3z8:yyEtHiL30yTL7vzsRI

Score

10^/10

redline ditro discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

auth_value
8f24ed370a9b24aa28d3d634ea57912e

Targets

- Target
  
  c26239503045e7e73f02b845d4003312af574fbc43adce4aa0aaed9e54e9c1e4
- Size
  
  479KB
- MD5
  
  a965b4a49b8f3edc9d6a25fecb9b88f8
- SHA1
  
  3e0ecd0dc2afa7c6a1dbe3e1985f6c67d5dde848
- SHA256
  
  c26239503045e7e73f02b845d4003312af574fbc43adce4aa0aaed9e54e9c1e4
- SHA512
  
  a1be38f64acf22a4e9c12561713f7781dd3edf23c2653b79d0d56903bb4b5584288a425db8bd396458053a9b6bc1274e59b8f854a3faa5566285b2159348856d
- SSDEEP
  
  12288:xMrDy907k6kCViKjm5t2p3Gg/6TL+yqr6Tlbz6VRHR3z8:yyEtHiL30yTL7vzsRI
Score

10^/10

redline ditro discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineditrodiscoveryinfostealerpersistence