redline | b06e1d01b82b1d8f2b73652b7bf5f40fd4a49c7e74ac98b77d5f481715bb6aa9 | Triage

Sharing

General

Target

b06e1d01b82b1d8f2b73652b7bf5f40fd4a49c7e74ac98b77d5f481715bb6aa9
Size

1.5MB
Sample

231023-epaa2sdh5v
MD5

8d575166139d6f2a40773a977912b67c
SHA1

d085227fb49c3c316f6df6069118d989a1da6c6a
SHA256

b06e1d01b82b1d8f2b73652b7bf5f40fd4a49c7e74ac98b77d5f481715bb6aa9
SHA512

eb0a72645431b939fbd5f2a4a88562f3d12afc12131f98e42ecf95b6bc926d327242aa18e262d7174f5535c257b2c90b68b5a56a828eee765d7af3033bd82d6c
SSDEEP

24576:DyAnmnaW4NSnbcgRtE5XAqxWnd+HMXhiir11WXQfUcx08bg533q:WAmnaXYcgzmoosXhitQfUc9

Score

10^/10

redline kinder infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kinder

C2

109.107.182.133:19084

Targets

- Target
  
  b06e1d01b82b1d8f2b73652b7bf5f40fd4a49c7e74ac98b77d5f481715bb6aa9
- Size
  
  1.5MB
- MD5
  
  8d575166139d6f2a40773a977912b67c
- SHA1
  
  d085227fb49c3c316f6df6069118d989a1da6c6a
- SHA256
  
  b06e1d01b82b1d8f2b73652b7bf5f40fd4a49c7e74ac98b77d5f481715bb6aa9
- SHA512
  
  eb0a72645431b939fbd5f2a4a88562f3d12afc12131f98e42ecf95b6bc926d327242aa18e262d7174f5535c257b2c90b68b5a56a828eee765d7af3033bd82d6c
- SSDEEP
  
  24576:DyAnmnaW4NSnbcgRtE5XAqxWnd+HMXhiir11WXQfUcx08bg533q:WAmnaXYcgzmoosXhitQfUc9
Score

10^/10

redline kinder infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekinderinfostealerpersistence