redline | 1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01 | Triage

Sharing

General

Target

1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01
Size

1.3MB
Sample

231008-gksypscf27
MD5

c49e3017e606c005354d432f3f881d03
SHA1

0389dd7d07aec776f09223ae287d5d033198fb9a
SHA256

1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01
SHA512

bdddec1ea1bec3e6b005d654ed550a22eada8a0dc8e78525e670dde8724dfe5732c96a94cdbc7be48e49bd2f4311c456cf565b4a1776d541ff485dcb3a0e45af
SSDEEP

24576:1y9U9byiriRkjDd3xZWxghIP9tph2ar9EFKFQJTDPglgJk:QMLriRkjD/glVFj9EFKFQJi0

Score

10^/10

redline lutyr infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

lutyr

C2

77.91.124.55:19071

Targets

- Target
  
  1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01
- Size
  
  1.3MB
- MD5
  
  c49e3017e606c005354d432f3f881d03
- SHA1
  
  0389dd7d07aec776f09223ae287d5d033198fb9a
- SHA256
  
  1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01
- SHA512
  
  bdddec1ea1bec3e6b005d654ed550a22eada8a0dc8e78525e670dde8724dfe5732c96a94cdbc7be48e49bd2f4311c456cf565b4a1776d541ff485dcb3a0e45af
- SSDEEP
  
  24576:1y9U9byiriRkjDd3xZWxghIP9tph2ar9EFKFQJTDPglgJk:QMLriRkjD/glVFj9EFKFQJi0
Score

10^/10

redline lutyr infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelutyrinfostealerpersistence