redline | 8107ec47559ed8c36318a2bfa531e48f3f9080d9319e940c69a705f3ec0622ca | Triage

Sharing

General

Target

378709e6dfa1907262b83a223469bacd2ab5329c2e900e9862c9395d2aacdfee
Size

1.1MB
Sample

231016-rgpf8age2t
MD5

0d0150e6f9b1507dc51dc028e506434e
SHA1

591933aacdec9692af828b80b35d9b4e70a193e3
SHA256

8107ec47559ed8c36318a2bfa531e48f3f9080d9319e940c69a705f3ec0622ca
SHA512

eeb05bd39726734eebd7547ab3f187759f59492359197aaf0c7ffb1c2abb8b0c5ac2ce59627ecb5c74fdf9bb3a10baf97fc768c8d00d1aaa21777294dacd22e0
SSDEEP

24576:ty3VLoq6dZ7SBhhkwblipcAvrbh/fke52a:I3VLynQhjJivRfhb

Score

10^/10

redline kukish infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Targets

- Target
  
  378709e6dfa1907262b83a223469bacd2ab5329c2e900e9862c9395d2aacdfee
- Size
  
  1.1MB
- MD5
  
  d918302eff427b8528fd85a110d07b8d
- SHA1
  
  6deb85ef73bf026ff2c1d66c894bcec64e77f9f1
- SHA256
  
  378709e6dfa1907262b83a223469bacd2ab5329c2e900e9862c9395d2aacdfee
- SHA512
  
  1e5c24b378548cf3d8c0e4287810894bd4f9f732bb03f9c7d2ff1ba412ef87a7d10f91c13a37d1470f6ed00acf8206b5c8494a4249c4285220af9714bc7f22bb
- SSDEEP
  
  24576:lyGtE8WqWdT5Svlhkwvlipc4lrnR/1oejn18s:AGtEzbMlj9iJt1Vy
Score

10^/10

persistence redline kukish infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinekukishinfostealerpersistence