redline | 39a6f8860414fb2b166fd8439958be6965fed54093f417c9eeb46bec51e12714 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39a6f8860414fb2b166fd8439958be6965fed54093f417c9eeb46bec51e12714
Size

928KB
Sample

231011-279j7abc2w
MD5

d8e9c260db3627af52b3e312890ae097
SHA1

d54a159697809e679b19b079e7e1a9cb99ebef86
SHA256

39a6f8860414fb2b166fd8439958be6965fed54093f417c9eeb46bec51e12714
SHA512

6e7194ab9ef108665b5be30ee83dc10de5f4d7bf0f0be6354d28ee14edbad34bda51427a86007d325155754b61740b07fc2fe2d356a41dcbe5ac0ed4e1e5ac82
SSDEEP

12288:MMrWy90SEvH9iTCqkktexhP5gvm9pzWNXAVWOtdbgf45AUYGIvbmhHsL:qyiqk1hP5gvmlNSGAbvqFg

Score

10^/10

redline tuxiu infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

auth_value
29610cdad07e7187eec70685a04b89fe

Targets

- Target
  
  39a6f8860414fb2b166fd8439958be6965fed54093f417c9eeb46bec51e12714
- Size
  
  928KB
- MD5
  
  d8e9c260db3627af52b3e312890ae097
- SHA1
  
  d54a159697809e679b19b079e7e1a9cb99ebef86
- SHA256
  
  39a6f8860414fb2b166fd8439958be6965fed54093f417c9eeb46bec51e12714
- SHA512
  
  6e7194ab9ef108665b5be30ee83dc10de5f4d7bf0f0be6354d28ee14edbad34bda51427a86007d325155754b61740b07fc2fe2d356a41dcbe5ac0ed4e1e5ac82
- SSDEEP
  
  12288:MMrWy90SEvH9iTCqkktexhP5gvm9pzWNXAVWOtdbgf45AUYGIvbmhHsL:qyiqk1hP5gvmlNSGAbvqFg
Score

10^/10

persistence redline tuxiu infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinetuxiuinfostealerpersistence