redline | 7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529 | Triage

Sharing

General

Target

7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
Size

1010KB
Sample

220427-vmkxrsabbm
MD5

9f1ce9c287893dd64fd52636ca6b8633
SHA1

8eabaaddd2ba0a07e9e1df042ab951f7f311ecda
SHA256

7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
SHA512

e625ee5f29a78796c20c93fdc7c078c8e82053b2dd21bb50975ee616bcab70419128eedcc4447e77c221e49c839da53fcb4117fd1496da33a244ba1c3481c564

Score

10^/10

redline 1 infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

1

C2

xeligaean.xyz:80

Targets

- Target
  
  7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
- Size
  
  1010KB
- MD5
  
  9f1ce9c287893dd64fd52636ca6b8633
- SHA1
  
  8eabaaddd2ba0a07e9e1df042ab951f7f311ecda
- SHA256
  
  7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
- SHA512
  
  e625ee5f29a78796c20c93fdc7c078c8e82053b2dd21bb50975ee616bcab70419128eedcc4447e77c221e49c839da53fcb4117fd1496da33a244ba1c3481c564
Score

10^/10

persistence redline 1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline1infostealerpersistence