redline | de5428166945b4b0c6d59162f2151f763384322ab9d7f6f6affc02eaf9b751d3 | Triage

Sharing

General

Target

de5428166945b4b0c6d59162f2151f763384322ab9d7f6f6affc02eaf9b751d3
Size

1.5MB
Sample

231023-dbyaaadf8y
MD5

e212a53febd75c4cd5c1b161ea15ace2
SHA1

85ed6698b8e494e2adbab8d31e3914cf4743fcee
SHA256

de5428166945b4b0c6d59162f2151f763384322ab9d7f6f6affc02eaf9b751d3
SHA512

8f5d72f379b1133319619041175956f5e6da1979311c8e287127d5259d25607e53ff9c55f71b45c58869a4e01425e47a826d650ed70b22d249f6ba435767e839
SSDEEP

24576:EyuE30XZOBNPvQWiSq2tE5joJ0BYIwtBATYuCxnQ8eFitl7//0x:TbEZKNPv+dUJ0uttBAvQTS4//0

Score

10^/10

redline kinder infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kinder

C2

109.107.182.133:19084

Targets

- Target
  
  de5428166945b4b0c6d59162f2151f763384322ab9d7f6f6affc02eaf9b751d3
- Size
  
  1.5MB
- MD5
  
  e212a53febd75c4cd5c1b161ea15ace2
- SHA1
  
  85ed6698b8e494e2adbab8d31e3914cf4743fcee
- SHA256
  
  de5428166945b4b0c6d59162f2151f763384322ab9d7f6f6affc02eaf9b751d3
- SHA512
  
  8f5d72f379b1133319619041175956f5e6da1979311c8e287127d5259d25607e53ff9c55f71b45c58869a4e01425e47a826d650ed70b22d249f6ba435767e839
- SSDEEP
  
  24576:EyuE30XZOBNPvQWiSq2tE5joJ0BYIwtBATYuCxnQ8eFitl7//0x:TbEZKNPv+dUJ0uttBAvQTS4//0
Score

10^/10

redline kinder infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekinderinfostealerpersistence