redline | 770c7738f60205bacce633102254eb069ff626d512e6a795bb5e14e0b2ec54db | Triage

Sharing

General

Target

770c7738f60205bacce633102254eb069ff626d512e6a795bb5e14e0b2ec54db
Size

479KB
Sample

241111-bfzb2asler
MD5

cc1e2583416c9e7f036fe791f833e125
SHA1

638ce38cf7011f7e7cf7e9354e79b1915d2489e8
SHA256

770c7738f60205bacce633102254eb069ff626d512e6a795bb5e14e0b2ec54db
SHA512

e1d60125e78506baa6c208ec5c9a39688fc356b886d7125ab159fc9c4b4075e0b9d39ec5e428d306bcfff694ad9718146cd884667b359637299c53c12aac9c93
SSDEEP

12288:sMrdy90zYsVTX4ea01BjkrrPylk7cU5L0qQ:Zy9sVTJa0feD7cFF

Score

10^/10

redline discovery infostealer persistence

Malware Config

Targets

- Target
  
  770c7738f60205bacce633102254eb069ff626d512e6a795bb5e14e0b2ec54db
- Size
  
  479KB
- MD5
  
  cc1e2583416c9e7f036fe791f833e125
- SHA1
  
  638ce38cf7011f7e7cf7e9354e79b1915d2489e8
- SHA256
  
  770c7738f60205bacce633102254eb069ff626d512e6a795bb5e14e0b2ec54db
- SHA512
  
  e1d60125e78506baa6c208ec5c9a39688fc356b886d7125ab159fc9c4b4075e0b9d39ec5e428d306bcfff694ad9718146cd884667b359637299c53c12aac9c93
- SSDEEP
  
  12288:sMrdy90zYsVTX4ea01BjkrrPylk7cU5L0qQ:Zy9sVTJa0feD7cFF
Score

10^/10

redline discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistence