redline | 2458fb4cb1187866a6a8de91a210947feec7b533fd18af65ea0b03a82bcfd95b | Triage

Sharing

General

Target

2458fb4cb1187866a6a8de91a210947feec7b533fd18af65ea0b03a82bcfd95b
Size

838KB
Sample

230210-1dhc6sde4v
MD5

90dccfdde15b38889285e67750f23865
SHA1

e226b0e94120bd0138afb3f1af346a49b6d72b7f
SHA256

2458fb4cb1187866a6a8de91a210947feec7b533fd18af65ea0b03a82bcfd95b
SHA512

73ddee7f70279f099e74b67693ccb9d9c77e3aeb42ce48a3a4078eea285f200563c9324a46fe8eca1ecbbe21d63ebeb8cce5e1bc38040ac03edc04831680e2af
SSDEEP

12288:NMr/y90RK1qlmLmNOtrnZpH5vFJCi8aA2Ggf0DZ1tXwGzNdiKVt6Fo0T:CyKkokqOtNpZP8sGFtPniSt+T

Score

10^/10

redline crypt1 infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

crypt1

C2

176.113.115.17:4132

Attributes

auth_value
2e2ca7bbceaa9f98252a6f9fc0e6fa86

Targets

- Target
  
  2458fb4cb1187866a6a8de91a210947feec7b533fd18af65ea0b03a82bcfd95b
- Size
  
  838KB
- MD5
  
  90dccfdde15b38889285e67750f23865
- SHA1
  
  e226b0e94120bd0138afb3f1af346a49b6d72b7f
- SHA256
  
  2458fb4cb1187866a6a8de91a210947feec7b533fd18af65ea0b03a82bcfd95b
- SHA512
  
  73ddee7f70279f099e74b67693ccb9d9c77e3aeb42ce48a3a4078eea285f200563c9324a46fe8eca1ecbbe21d63ebeb8cce5e1bc38040ac03edc04831680e2af
- SSDEEP
  
  12288:NMr/y90RK1qlmLmNOtrnZpH5vFJCi8aA2Ggf0DZ1tXwGzNdiKVt6Fo0T:CyKkokqOtNpZP8sGFtPniSt+T
Score

10^/10

redline crypt1 infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecrypt1infostealerpersistence