redline | 85b6f9cfc6534db16b6ea64cb2a8df7849d85ceda2d7f4531ab2a9ed9de56776 | Triage

Sharing

General

Target

85b6f9cfc6534db16b6ea64cb2a8df7849d85ceda2d7f4531ab2a9ed9de56776
Size

479KB
Sample

241111-ce2ansyrds
MD5

10f967e3b223a60bc709aedf8d953bea
SHA1

d0d812536ab2b38703cccb680760a956a7ab825f
SHA256

85b6f9cfc6534db16b6ea64cb2a8df7849d85ceda2d7f4531ab2a9ed9de56776
SHA512

4d10ea79c90d4d46605e795aedc43b9c1a1e7aec1b396fb6ede38ffed846cfd60ec1dcda8d0ec54f7d1e6d42adc31f79544c3d793e60195a622fd2f4fd607072
SSDEEP

12288:IMrNy90F6DZIELA8Cz85U5zqFDI07R1XRPtt:VyQQbZ5lFDT77BPL

Score

10^/10

redline ditro discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

auth_value
8f24ed370a9b24aa28d3d634ea57912e

Targets

- Target
  
  85b6f9cfc6534db16b6ea64cb2a8df7849d85ceda2d7f4531ab2a9ed9de56776
- Size
  
  479KB
- MD5
  
  10f967e3b223a60bc709aedf8d953bea
- SHA1
  
  d0d812536ab2b38703cccb680760a956a7ab825f
- SHA256
  
  85b6f9cfc6534db16b6ea64cb2a8df7849d85ceda2d7f4531ab2a9ed9de56776
- SHA512
  
  4d10ea79c90d4d46605e795aedc43b9c1a1e7aec1b396fb6ede38ffed846cfd60ec1dcda8d0ec54f7d1e6d42adc31f79544c3d793e60195a622fd2f4fd607072
- SSDEEP
  
  12288:IMrNy90F6DZIELA8Cz85U5zqFDI07R1XRPtt:VyQQbZ5lFDT77BPL
Score

10^/10

redline ditro discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineditrodiscoveryinfostealerpersistence