redline | 856494eaea6f98e8b8b57f40f07f37963cb41b969e63affee8a6bed70b4db15c | Triage

Sharing

General

Target

856494eaea6f98e8b8b57f40f07f37963cb41b969e63affee8a6bed70b4db15c
Size

892KB
Sample

241111-cjtfmazeql
MD5

bda5619521302b7d977e5fd8497d5347
SHA1

7935dd9262db1b01479ceac7d2c289b7b717db2b
SHA256

856494eaea6f98e8b8b57f40f07f37963cb41b969e63affee8a6bed70b4db15c
SHA512

944482f87f7221f75f9d2356107b1ca8a06bc18c6626a7c36f888285342e685fa5a87caf238e4f281bf3b986cf5dcaa358d82f3749a0b23dd3573e31d60cf2bf
SSDEEP

12288:/y90p8ObVVJSCuLHk8J93FJ9TqRidGGNikyC2e2N/pRvolJzPCrDjKeYyq:/yZ2VPSCuFZdVDwrQ5PCrDOeNq

Score

10^/10

redline danko gena discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

danko

C2

185.161.248.73:4164

Attributes

auth_value
784d42a6c1eb1a5060b8bcd3696f5f1e

Targets

- Target
  
  856494eaea6f98e8b8b57f40f07f37963cb41b969e63affee8a6bed70b4db15c
- Size
  
  892KB
- MD5
  
  bda5619521302b7d977e5fd8497d5347
- SHA1
  
  7935dd9262db1b01479ceac7d2c289b7b717db2b
- SHA256
  
  856494eaea6f98e8b8b57f40f07f37963cb41b969e63affee8a6bed70b4db15c
- SHA512
  
  944482f87f7221f75f9d2356107b1ca8a06bc18c6626a7c36f888285342e685fa5a87caf238e4f281bf3b986cf5dcaa358d82f3749a0b23dd3573e31d60cf2bf
- SSDEEP
  
  12288:/y90p8ObVVJSCuLHk8J93FJ9TqRidGGNikyC2e2N/pRvolJzPCrDjKeYyq:/yZ2VPSCuFZdVDwrQ5PCrDOeNq
Score

10^/10

redline danko gena discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedankogenadiscoveryinfostealerpersistence