redline | 8dbb4e36628de5b729494e43b4a0b2648e419324b6a8a7ac83b55a144efffcd1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8dbb4e36628de5b729494e43b4a0b2648e419324b6a8a7ac83b55a144efffcd1
Size

1.7MB
Sample

231024-bydhaahg3x
MD5

7cf55520c2df685f80ca089118271188
SHA1

054eacd0d9262a4433ceba702568d8cf5298e724
SHA256

8dbb4e36628de5b729494e43b4a0b2648e419324b6a8a7ac83b55a144efffcd1
SHA512

25fd0e1b2ae00b587a51454690600d71aeb575c632efe736c75ec379c2a46306dffcbd34bb00cb38e7b67d1d3e764132f0e4e976841462b62f98d6a8071b0915
SSDEEP

49152:h3JAEwmmByX6db5kleU7aJznzTRxt+9pwQnc:BJMmm0X69kMUGJzRP+AZ

Score

10^/10

redline kinza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  8dbb4e36628de5b729494e43b4a0b2648e419324b6a8a7ac83b55a144efffcd1
- Size
  
  1.7MB
- MD5
  
  7cf55520c2df685f80ca089118271188
- SHA1
  
  054eacd0d9262a4433ceba702568d8cf5298e724
- SHA256
  
  8dbb4e36628de5b729494e43b4a0b2648e419324b6a8a7ac83b55a144efffcd1
- SHA512
  
  25fd0e1b2ae00b587a51454690600d71aeb575c632efe736c75ec379c2a46306dffcbd34bb00cb38e7b67d1d3e764132f0e4e976841462b62f98d6a8071b0915
- SSDEEP
  
  49152:h3JAEwmmByX6db5kleU7aJznzTRxt+9pwQnc:BJMmm0X69kMUGJzRP+AZ
Score

10^/10

redline kinza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekinzainfostealerpersistence