redline | dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198 | Triage

Sharing

General

Target

dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198
Size

847KB
Sample

230930-qlebdace9z
MD5

503da9d1629d30c10c5efc25d4328193
SHA1

b94d04f6e6c96d12e7c7695be7ebfb9a1f46f701
SHA256

dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198
SHA512

a28d03ba2911b1b1654b6f06f90b151aa1929286f0c1f6afcfde813b4a178b28be8845080d717870601c85d0730e66adb9b336a12ce67e98e959779489a65b41
SSDEEP

12288:pMr8y90/fEu/uE0IZj5UBup4rHSso2v2R4Dsg0Zra//ZiPWPMi0LsIOIxkYcB8Bf:xyqTuXuRgPwryZ3PTOxkDeQhcP

Score

10^/10

redline luska infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes

auth_value
a6797888f51a88afbfd8854a79ac9357

Targets

- Target
  
  dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198
- Size
  
  847KB
- MD5
  
  503da9d1629d30c10c5efc25d4328193
- SHA1
  
  b94d04f6e6c96d12e7c7695be7ebfb9a1f46f701
- SHA256
  
  dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198
- SHA512
  
  a28d03ba2911b1b1654b6f06f90b151aa1929286f0c1f6afcfde813b4a178b28be8845080d717870601c85d0730e66adb9b336a12ce67e98e959779489a65b41
- SSDEEP
  
  12288:pMr8y90/fEu/uE0IZj5UBup4rHSso2v2R4Dsg0Zra//ZiPWPMi0LsIOIxkYcB8Bf:xyqTuXuRgPwryZ3PTOxkDeQhcP
Score

10^/10

redline luska infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineluskainfostealerpersistence