redline | 7fd190439f0ae37e1f774f163eaa9d28a826b8834f3978882222a63d9d220f23 | Triage

Sharing

General

Target

5461b2ea5f397c9dffba0bf58e4b4a77.bin
Size

1.3MB
Sample

230712-bqjpbsbd95
MD5

3fc9f2b6b2dfe4f6202506e738c61a56
SHA1

05bac3eb7f26d531e87ca0e6469a3db7f9b4d70c
SHA256

7fd190439f0ae37e1f774f163eaa9d28a826b8834f3978882222a63d9d220f23
SHA512

e87e1d5ee6bbaac089585badcf23781514631cb7dc664d098b94f1a6cc0be228a24f1054a3f1fd3692fb23104f5450a6df60faf530d2a666675bf5d67ba23623
SSDEEP

24576:c1ZpIcu3sQmslL1suMk67atQqM8SHIYWVlSweOxMnmPns989KB0mB3b6q:WrIc+V1jMkttQ9WzSweOamPnCI40O1

Score

10^/10

redline kira infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kira

C2

77.91.68.48:19071

Attributes

auth_value
1677a40fd8997eb89377e1681911e9c6

Targets

- Target
  
  26bc3d8b0c6cd099d29f18e481d101c5be5b49db9655a0eb2cc339f9721b77ae.exe
- Size
  
  1.3MB
- MD5
  
  5461b2ea5f397c9dffba0bf58e4b4a77
- SHA1
  
  4aa5824c71de814f76a2c18f0ebccc0d47d1269f
- SHA256
  
  26bc3d8b0c6cd099d29f18e481d101c5be5b49db9655a0eb2cc339f9721b77ae
- SHA512
  
  d7d79de2545ef38d463b3c3d75f1bf7267727f5fcf35fa183cf2fe2b529b58a96ca5e436f08fb3684c3651b6fd690215578eece22f693d323b69f6811dc45c36
- SSDEEP
  
  24576:bE47kOUEfJvETlpqftmHioiS+yvk3RZAdBbVTb34k30/8dRi9:bEq5PfJvExMftmHzO0khZApykji9
Score

10^/10

redline kira infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekirainfostealerpersistence

behavioral2

redlinekirainfostealerpersistence