redline | 8c3a23bed5d8bf6fb410bc0b05f579f18d2e71fe4984d9714e7e127c9fad2905 | Triage

Sharing

General

Target

8c3a23bed5d8bf6fb410bc0b05f579f18d2e71fe4984d9714e7e127c9fad2905
Size

1.5MB
Sample

231023-ejnaqadh4s
MD5

106e0f86e7e00d14c65765967b17879f
SHA1

77e6608cd1ed7ae3305f34f5f5ba19e652bf5a75
SHA256

8c3a23bed5d8bf6fb410bc0b05f579f18d2e71fe4984d9714e7e127c9fad2905
SHA512

63d90fcafdc6ec194fa03944ef6aeefccb4fc4c695c44df93e03da55562bce0bb933425c2a774978dca97206c1129313856ea60b0dc11addabf10b9d24e6c337
SSDEEP

24576:PyrGhdyHEBxy0p4TKUfZtEq1WOhXEU9jXMDM02I5T/yxMMaLm3Da:arSyHE4HF1WDU9j87p+xS

Score

10^/10

redline kinder infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kinder

C2

109.107.182.133:19084

Targets

- Target
  
  8c3a23bed5d8bf6fb410bc0b05f579f18d2e71fe4984d9714e7e127c9fad2905
- Size
  
  1.5MB
- MD5
  
  106e0f86e7e00d14c65765967b17879f
- SHA1
  
  77e6608cd1ed7ae3305f34f5f5ba19e652bf5a75
- SHA256
  
  8c3a23bed5d8bf6fb410bc0b05f579f18d2e71fe4984d9714e7e127c9fad2905
- SHA512
  
  63d90fcafdc6ec194fa03944ef6aeefccb4fc4c695c44df93e03da55562bce0bb933425c2a774978dca97206c1129313856ea60b0dc11addabf10b9d24e6c337
- SSDEEP
  
  24576:PyrGhdyHEBxy0p4TKUfZtEq1WOhXEU9jXMDM02I5T/yxMMaLm3Da:arSyHE4HF1WDU9j87p+xS
Score

10^/10

redline kinder infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekinderinfostealerpersistence