redline | 6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7 | Triage

Sharing

General

Target

6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7
Size

929KB
Sample

230923-qn96tsff9w
MD5

3755ec6ff61be24c7f3270251e310201
SHA1

bd8602f8f69de61cc6d0402a19941700e9f87ee8
SHA256

6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7
SHA512

4e948e4af57b3a9ddff258ff6961819bef240a9d8ec1efc032dbab652f71bae9a898071081f02f5301e07284e89b1fbf4011ab8332194da23aeee82de8d13810
SSDEEP

12288:/MrQy900smtl3kLPvEfte09n9TpRaRPRZXr3o9wZ4bLOVlhrVd8IF+86hUBGE6KH:zyu0leWtfXXYC2VVd6/hUBGEJ+p8HJ

Score

10^/10

redline tuxiu infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

auth_value
29610cdad07e7187eec70685a04b89fe

Targets

- Target
  
  6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7
- Size
  
  929KB
- MD5
  
  3755ec6ff61be24c7f3270251e310201
- SHA1
  
  bd8602f8f69de61cc6d0402a19941700e9f87ee8
- SHA256
  
  6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7
- SHA512
  
  4e948e4af57b3a9ddff258ff6961819bef240a9d8ec1efc032dbab652f71bae9a898071081f02f5301e07284e89b1fbf4011ab8332194da23aeee82de8d13810
- SSDEEP
  
  12288:/MrQy900smtl3kLPvEfte09n9TpRaRPRZXr3o9wZ4bLOVlhrVd8IF+86hUBGE6KH:zyu0leWtfXXYC2VVd6/hUBGEJ+p8HJ
Score

10^/10

redline tuxiu infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetuxiuinfostealerpersistence