redline | 4ea6d64ab4fcb5ffb06e1f8ef5db4290be3a535c0ca256bc922e9708ca6191a6 | Triage

Sharing

General

Target

00451fa6d543d1ecc4a863c1a.exe
Size

514KB
Sample

230710-plsnbsbb3t
MD5

00451fa6d543d1ecc4a863c1a99c1e65
SHA1

b5401045d48b24cf0e9fcb1bc62c05ddce21af06
SHA256

4ea6d64ab4fcb5ffb06e1f8ef5db4290be3a535c0ca256bc922e9708ca6191a6
SHA512

959d1d65a4db7fdd44c9ad0070d371b33443107caccc71ddbf007b51f880007ec266140ffe1dca024b5e9605049f6164c6caa0c966b6bcb2c0c8d89025418f78
SSDEEP

6144:xmPD0GqyHBBDCWGYLUz247rT2+PsCd0ukjIormfdVKMNR8jl4D46JdrOE1LULXJj:xmYAbz47H2+RYtKfPKheECp1wLr

Score

10^/10

redline kira infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kira

C2

77.91.68.48:19071

Attributes

auth_value
1677a40fd8997eb89377e1681911e9c6

Targets

- Target
  
  00451fa6d543d1ecc4a863c1a.exe
- Size
  
  514KB
- MD5
  
  00451fa6d543d1ecc4a863c1a99c1e65
- SHA1
  
  b5401045d48b24cf0e9fcb1bc62c05ddce21af06
- SHA256
  
  4ea6d64ab4fcb5ffb06e1f8ef5db4290be3a535c0ca256bc922e9708ca6191a6
- SHA512
  
  959d1d65a4db7fdd44c9ad0070d371b33443107caccc71ddbf007b51f880007ec266140ffe1dca024b5e9605049f6164c6caa0c966b6bcb2c0c8d89025418f78
- SSDEEP
  
  6144:xmPD0GqyHBBDCWGYLUz247rT2+PsCd0ukjIormfdVKMNR8jl4D46JdrOE1LULXJj:xmYAbz47H2+RYtKfPKheECp1wLr
Score

10^/10

redline kira infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekirainfostealerpersistence

behavioral2

redlinekirainfostealerpersistence