redline | 92f181588802f97162bf28ac858b162f84f324a01e2a82515ceabebfb4d2fe50 | Triage

Sharing

General

Target

92f181588802f97162bf28ac858b162f84f324a01e2a82515ceabebfb4d2fe50
Size

599KB
Sample

241111-b4vzhszerf
MD5

be8fc3226eccfa56286f98212873a037
SHA1

36f1960510176f102a980916a0931a2904b4446e
SHA256

92f181588802f97162bf28ac858b162f84f324a01e2a82515ceabebfb4d2fe50
SHA512

254c51c0db0930fdc588061c722f329069154b8f114fa8676df01631a184838b21191ba63c1d4967c2d3c7d7a61167fafd16124aa40d7a938e4ef4ff4de03ab6
SSDEEP

12288:DMr3y90tsRYO9PoX1I4Zdk1i0+Z+EnOvYFgD8WL+Tsed:cyQsRj9PgaAk1bSvOvYFgD9aL

Score

10^/10

redline discovery infostealer persistence

Malware Config

Targets

- Target
  
  92f181588802f97162bf28ac858b162f84f324a01e2a82515ceabebfb4d2fe50
- Size
  
  599KB
- MD5
  
  be8fc3226eccfa56286f98212873a037
- SHA1
  
  36f1960510176f102a980916a0931a2904b4446e
- SHA256
  
  92f181588802f97162bf28ac858b162f84f324a01e2a82515ceabebfb4d2fe50
- SHA512
  
  254c51c0db0930fdc588061c722f329069154b8f114fa8676df01631a184838b21191ba63c1d4967c2d3c7d7a61167fafd16124aa40d7a938e4ef4ff4de03ab6
- SSDEEP
  
  12288:DMr3y90tsRYO9PoX1I4Zdk1i0+Z+EnOvYFgD8WL+Tsed:cyQsRj9PgaAk1bSvOvYFgD9aL
Score

10^/10

redline discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistence