redline | 1fbdb25205f7869f90738640f3afbacfe796532d8738bb0522aeae3963aaf0f7 | Triage

Sharing

General

Target

1fbdb25205f7869f90738640f3afbacfe796532d8738bb0522aeae3963aaf0f7
Size

1.5MB
Sample

231022-3ts6qadc9v
MD5

44e515bbbd2c68ca226c0c78b074bb3e
SHA1

af39abea28203ee43f0e559bb58edfe137afb75e
SHA256

1fbdb25205f7869f90738640f3afbacfe796532d8738bb0522aeae3963aaf0f7
SHA512

cee6bf9cd4b962aae960e8e27ef13c269d5566234d1f5b972512f4b5c4bfe304bff8396fd20db2ee512befebd59d0bbafe8a1e9260638d28f467f262bb4048e8
SSDEEP

24576:MyEZqtScxGfrXDnqLGFDOsTKtC71uKftOSgve7WIj1u+iveR4:7ltVIzDnqL8OTtMwm3WAT

Score

10^/10

redline kinder infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kinder

C2

109.107.182.133:19084

Targets

- Target
  
  1fbdb25205f7869f90738640f3afbacfe796532d8738bb0522aeae3963aaf0f7
- Size
  
  1.5MB
- MD5
  
  44e515bbbd2c68ca226c0c78b074bb3e
- SHA1
  
  af39abea28203ee43f0e559bb58edfe137afb75e
- SHA256
  
  1fbdb25205f7869f90738640f3afbacfe796532d8738bb0522aeae3963aaf0f7
- SHA512
  
  cee6bf9cd4b962aae960e8e27ef13c269d5566234d1f5b972512f4b5c4bfe304bff8396fd20db2ee512befebd59d0bbafe8a1e9260638d28f467f262bb4048e8
- SSDEEP
  
  24576:MyEZqtScxGfrXDnqLGFDOsTKtC71uKftOSgve7WIj1u+iveR4:7ltVIzDnqL8OTtMwm3WAT
Score

10^/10

redline kinder infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekinderinfostealerpersistence