redline | 8dadfcd6a346ae11851845f91f38e2c9132f7394522871e2306de368308b9ce1 | Triage

Sharing

General

Target

8dadfcd6a346ae11851845f91f38e2c9132f7394522871e2306de368308b9ce1
Size

928KB
Sample

230929-wj2lsaeh58
MD5

27da5f8c11ae7af3cdfac8dc71c4c3ff
SHA1

269f8187093db4eaafff64c6acb8320ad9f8e9a0
SHA256

8dadfcd6a346ae11851845f91f38e2c9132f7394522871e2306de368308b9ce1
SHA512

59e92b6789a52bbe37a467669e5b5c6f5b0ba0e40b82ded6adbee8c5bb2b53f50e0d06fa39f42b336c528167b775d8e18419892d1402503ffc8b5aed1b5ce6e7
SSDEEP

12288:wMrgy90/rbkOqD+vDHkeiGR7H8/MSJlbmFCGaQ2Aa2a95WNGw+1L7fwx1zkUix/V:AyY7vDES7c/Xlb0CGQKG31L7u1zHiVV

Score

10^/10

redline luska infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes

auth_value
a6797888f51a88afbfd8854a79ac9357

Targets

- Target
  
  8dadfcd6a346ae11851845f91f38e2c9132f7394522871e2306de368308b9ce1
- Size
  
  928KB
- MD5
  
  27da5f8c11ae7af3cdfac8dc71c4c3ff
- SHA1
  
  269f8187093db4eaafff64c6acb8320ad9f8e9a0
- SHA256
  
  8dadfcd6a346ae11851845f91f38e2c9132f7394522871e2306de368308b9ce1
- SHA512
  
  59e92b6789a52bbe37a467669e5b5c6f5b0ba0e40b82ded6adbee8c5bb2b53f50e0d06fa39f42b336c528167b775d8e18419892d1402503ffc8b5aed1b5ce6e7
- SSDEEP
  
  12288:wMrgy90/rbkOqD+vDHkeiGR7H8/MSJlbmFCGaQ2Aa2a95WNGw+1L7fwx1zkUix/V:AyY7vDES7c/Xlb0CGQKG31L7u1zHiVV
Score

10^/10

redline luska infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineluskainfostealerpersistence