redline | 1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4
Size

1.1MB
Sample

231022-17xd7ada2v
MD5

726211d761490028db412b94f41560cd
SHA1

35e2eaa4aef889f7ed15ba77c7a06790e983a507
SHA256

1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4
SHA512

290d47a1f42171474266fb2626ee9b0b02a81d337ccdbfd74355fe86c089fe4d8b63f7b804fe16ed0fed5ac27dcec2460ca13e91b252a399509d04bdd5da8abc
SSDEEP

24576:ey95/7BePPX9rVOgu6sz8O2K8UZhPfZnrwdidLlhl+2fYe:t9VEP1xOLP6SPWEHlTf

Score

10^/10

redline kukish infostealer persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4.exe

Resource

win7-20231020-en

redline kukish infostealer persistence

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4.exe

Resource

win10-20231020-en

redline kukish infostealer persistence

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Targets

- Target
  
  1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4
- Size
  
  1.1MB
- MD5
  
  726211d761490028db412b94f41560cd
- SHA1
  
  35e2eaa4aef889f7ed15ba77c7a06790e983a507
- SHA256
  
  1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4
- SHA512
  
  290d47a1f42171474266fb2626ee9b0b02a81d337ccdbfd74355fe86c089fe4d8b63f7b804fe16ed0fed5ac27dcec2460ca13e91b252a399509d04bdd5da8abc
- SSDEEP
  
  24576:ey95/7BePPX9rVOgu6sz8O2K8UZhPfZnrwdidLlhl+2fYe:t9VEP1xOLP6SPWEHlTf
Score

10^/10

redline kukish infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekukishinfostealerpersistence

behavioral2

redlinekukishinfostealerpersistence

© 2018-2025

Terms | Privacy