redline | abe75a1220aab2d6ccf117f72f21159cc37b36a3112819e026a8193a6cc99a2b | Triage

Sharing

General

Target

566423477686c57b22294736bf72fff582d7b0b96459926f7eca3ec710173319
Size

1.4MB
Sample

231031-1cqcdsea9y
MD5

aac12e791432ba8723d7cce41c86f2da
SHA1

d011f21587b8953883b7d29ac3875619396aa85c
SHA256

abe75a1220aab2d6ccf117f72f21159cc37b36a3112819e026a8193a6cc99a2b
SHA512

c51fd1f2bbd5e8fdbaef35a5baeff3bea108471c090b23a12f09f38f9b67565ed2c37011c2b75b8545b597813e5c3a1c092d3d6d18356693d817d458892e439b
SSDEEP

24576:myfL5CDu9FCRvHOaGMG3koaWo7tLpCGXEkLwgqbwTFs3r:1T5UzlHONMPoanVcGX2gqbwW

Score

10^/10

redline kinza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  566423477686c57b22294736bf72fff582d7b0b96459926f7eca3ec710173319
- Size
  
  1.5MB
- MD5
  
  10f1fd1abdb61d0d9b6c6825a1b0f4f5
- SHA1
  
  53bbb16bda921f2136de280de9034ae6e80fab81
- SHA256
  
  566423477686c57b22294736bf72fff582d7b0b96459926f7eca3ec710173319
- SHA512
  
  033d08d69ce2073c993600b0ab1fbc84ebabf0e7b733e95f1e1ba475ff679c0d768a84c5ef32a763ef360bd71882252bd33a9b5ec633b864fbd3ac2caf759f8f
- SSDEEP
  
  24576:1yO8rCrutFCFzjyYMS3ko4WrLa3LB26TP6+LwSq5GTjULga:QtrGfFzjyYMTo4MWbB26ToSq5G
Score

10^/10

redline kinza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekinzainfostealerpersistence