redline | e284c7dce287a6e32d40d7df2352017d7893e150485ea35f3b9c715758779d27 | Triage

Sharing

General

Target

e284c7dce287a6e32d40d7df2352017d7893e150485ea35f3b9c715758779d27
Size

928KB
Sample

230923-zn8gnsad4y
MD5

70cb75d4a40cb285ab95e00e8348acfc
SHA1

8572fa8891ea828493b6c230f04e88c91ccd72c0
SHA256

e284c7dce287a6e32d40d7df2352017d7893e150485ea35f3b9c715758779d27
SHA512

5c0c36c74b64590ec68d1a3394933086668298e1c43594288349a35f278cf95d9973a1c435fd12164d2d2e3df5149354ef45f8db6980220efd26f3bd46dac4fc
SSDEEP

24576:Syp3NfPsrDhJrxA7n/L33PzUqXXhBTJs9WSHF8IqJS1q:5p9fP+dJrxo/LHPzVnDlz

Score

10^/10

redline tuxiu infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

auth_value
29610cdad07e7187eec70685a04b89fe

Targets

- Target
  
  e284c7dce287a6e32d40d7df2352017d7893e150485ea35f3b9c715758779d27
- Size
  
  928KB
- MD5
  
  70cb75d4a40cb285ab95e00e8348acfc
- SHA1
  
  8572fa8891ea828493b6c230f04e88c91ccd72c0
- SHA256
  
  e284c7dce287a6e32d40d7df2352017d7893e150485ea35f3b9c715758779d27
- SHA512
  
  5c0c36c74b64590ec68d1a3394933086668298e1c43594288349a35f278cf95d9973a1c435fd12164d2d2e3df5149354ef45f8db6980220efd26f3bd46dac4fc
- SSDEEP
  
  24576:Syp3NfPsrDhJrxA7n/L33PzUqXXhBTJs9WSHF8IqJS1q:5p9fP+dJrxo/LHPzVnDlz
Score

10^/10

redline tuxiu infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetuxiuinfostealerpersistence