redline | b7215d29651d883138e7000f2568418b02cb62350924f78ec75b7c7f0d3a9a72 | Triage

Sharing

General

Target

file.exe
Size

506KB
Sample

231012-chgenshf2x
MD5

0f724d78d4a65272ac085236c9caf06b
SHA1

9449892f318709e1abfd33dd059dbdd1de8a0392
SHA256

b7215d29651d883138e7000f2568418b02cb62350924f78ec75b7c7f0d3a9a72
SHA512

6c4e203e8de1c30cb4fc417fb55887adb80682f1c24ff7f2a8786a7ca179369cdbe4c16fbbe0efc154eaac741ff62c3d81132fd2a8f8125613ac1df4ba678ba5
SSDEEP

12288:qMriy90OWwCjyUi0kYkqnDIw4M0/2+Vlnw+Q1:0yywmyUigbDIw7AZQ1

Score

10^/10

redline trush infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

trush

C2

77.91.124.82:19071

Attributes

auth_value
c13814867cde8193679cd0cad2d774be

Targets

- Target
  
  file.exe
- Size
  
  506KB
- MD5
  
  0f724d78d4a65272ac085236c9caf06b
- SHA1
  
  9449892f318709e1abfd33dd059dbdd1de8a0392
- SHA256
  
  b7215d29651d883138e7000f2568418b02cb62350924f78ec75b7c7f0d3a9a72
- SHA512
  
  6c4e203e8de1c30cb4fc417fb55887adb80682f1c24ff7f2a8786a7ca179369cdbe4c16fbbe0efc154eaac741ff62c3d81132fd2a8f8125613ac1df4ba678ba5
- SSDEEP
  
  12288:qMriy90OWwCjyUi0kYkqnDIw4M0/2+Vlnw+Q1:0yywmyUigbDIw7AZQ1
Score

10^/10

persistence redline trush infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinetrushinfostealerpersistence