redline | b8f265fee6ef9f2f716d8b855a7a388e4a0d583f65685775c30d42d492a03408 | Triage

Sharing

General

Target

b8f265fee6ef9f2f716d8b855a7a388e4a0d583f65685775c30d42d492a03408
Size

707KB
Sample

241111-csyrpszgnr
MD5

c6e7740e584f048d02371d4f107bb5b5
SHA1

8e4b2831800032ed5890331a7785c98f10edffa9
SHA256

b8f265fee6ef9f2f716d8b855a7a388e4a0d583f65685775c30d42d492a03408
SHA512

291e8535edae2e7becb3aaca01f2bf3d2d861f116ee68cf99338a5951a8631b64aefbfa819d85c588c8948751119113b6e113d7758ffd770b87bcd14a4cb760c
SSDEEP

12288:9MrPy90Na7jdlO4NXgJ26rnj+BbsuqMdoQYCvnaraXEpHvqz4kz9:qyLjd/NwJXGbNq/eard9G9

Score

10^/10

redline discovery infostealer persistence

Malware Config

Targets

- Target
  
  b8f265fee6ef9f2f716d8b855a7a388e4a0d583f65685775c30d42d492a03408
- Size
  
  707KB
- MD5
  
  c6e7740e584f048d02371d4f107bb5b5
- SHA1
  
  8e4b2831800032ed5890331a7785c98f10edffa9
- SHA256
  
  b8f265fee6ef9f2f716d8b855a7a388e4a0d583f65685775c30d42d492a03408
- SHA512
  
  291e8535edae2e7becb3aaca01f2bf3d2d861f116ee68cf99338a5951a8631b64aefbfa819d85c588c8948751119113b6e113d7758ffd770b87bcd14a4cb760c
- SSDEEP
  
  12288:9MrPy90Na7jdlO4NXgJ26rnj+BbsuqMdoQYCvnaraXEpHvqz4kz9:qyLjd/NwJXGbNq/eard9G9
Score

10^/10

redline discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerpersistence