redline | 09ca0e52624d1fb50bea8b2e724d5364d2eb4ab08c5a6b6d40e900a040214731 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09ca0e52624d1fb50bea8b2e724d5364d2eb4ab08c5a6b6d40e900a040214731
Size

636KB
Sample

231011-my2qnabf86
MD5

7f93506af527337a9b2a7099dd32f263
SHA1

c7c8bcef1f5d9c0a8fa579865f223441f0540e10
SHA256

09ca0e52624d1fb50bea8b2e724d5364d2eb4ab08c5a6b6d40e900a040214731
SHA512

43b53726c6b4c04060f061def5e4b0b60c17334ec287e604010473660f78441737405270d6f89fd371839cd19897fe647e0541e30fc56fc1fb74488889c2ad98
SSDEEP

12288:UMr5y90TDaocY+Z5deCl5EZ+UNfIsGu/s/c6tfBuKsJPK7NdcmG7EKUv:lyu1WHEMyIsGu/gBB3sy7m7Ebv

Score

10^/10

redline luate infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes

auth_value
e45cd419aba6c9d372088ffe5629308b

Targets

- Target
  
  09ca0e52624d1fb50bea8b2e724d5364d2eb4ab08c5a6b6d40e900a040214731
- Size
  
  636KB
- MD5
  
  7f93506af527337a9b2a7099dd32f263
- SHA1
  
  c7c8bcef1f5d9c0a8fa579865f223441f0540e10
- SHA256
  
  09ca0e52624d1fb50bea8b2e724d5364d2eb4ab08c5a6b6d40e900a040214731
- SHA512
  
  43b53726c6b4c04060f061def5e4b0b60c17334ec287e604010473660f78441737405270d6f89fd371839cd19897fe647e0541e30fc56fc1fb74488889c2ad98
- SSDEEP
  
  12288:UMr5y90TDaocY+Z5deCl5EZ+UNfIsGu/s/c6tfBuKsJPK7NdcmG7EKUv:lyu1WHEMyIsGu/gBB3sy7m7Ebv
Score

10^/10

redline luate infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineluateinfostealerpersistence

behavioral2

redlineluateinfostealerpersistence