redline | ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66 | Triage

Sharing

General

Target

ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66
Size

599KB
Sample

241111-bq1ylszcpd
MD5

02a270175da65258dc1fddf63a8e93bc
SHA1

edb7640b983f47b2bb312df19ed6b889cee448fd
SHA256

ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66
SHA512

8f6f5de6e5d5972cfe4face4cfc31f47b0ee882cb3e22d961d68c407cd2685a514574d925c28009d8e3e06e5a91ba7e28ded2292901b9f7580e308e0651d3b4f
SSDEEP

12288:YMr7y90ZH9Jg4G7nmgj9CCyTH+zPxuUgVKY41n5BeJ3Ulk:DyCHPb0nmgxCjIZII7Vu3Ulk

Score

10^/10

redline discovery infostealer persistence

Malware Config

Targets

- Target
  
  ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66
- Size
  
  599KB
- MD5
  
  02a270175da65258dc1fddf63a8e93bc
- SHA1
  
  edb7640b983f47b2bb312df19ed6b889cee448fd
- SHA256
  
  ebea827ffc3c62e9cc7920e55c36037bdf41ad30ca4835f5bc27338a343cce66
- SHA512
  
  8f6f5de6e5d5972cfe4face4cfc31f47b0ee882cb3e22d961d68c407cd2685a514574d925c28009d8e3e06e5a91ba7e28ded2292901b9f7580e308e0651d3b4f
- SSDEEP
  
  12288:YMr7y90ZH9Jg4G7nmgj9CCyTH+zPxuUgVKY41n5BeJ3Ulk:DyCHPb0nmgxCjIZII7Vu3Ulk
Score

10^/10

redline discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistence