redline | ab418b18842fc981af48d2a725fabde40f9c7973cf2345ea2d7f7811837654e7 | Triage

Sharing

General

Target

5fd8fbc35bae4dd4bf2f6564ac6838cc730c9a220b144c4b710fe0d165ba7bca
Size

1.4MB
Sample

231103-phd1rsce33
MD5

df2fb530fb904ed05a95b333574c75b9
SHA1

5f1e1933bc7290990d99ca1d78ed74617dd3356f
SHA256

ab418b18842fc981af48d2a725fabde40f9c7973cf2345ea2d7f7811837654e7
SHA512

c69e8f90388b647c55eedad43ec380ecc034104510b5cb260cedb685b778d298bf48e0cf407beb0c991d02ef97590f863fa649c10ad45532c57377a4090bced0
SSDEEP

24576:1Iybx3EMGrblQDBjYHo7YgMntuodEVM7fApVljkqXJ54SRZlB/2UBPyAW3xw:1WMgO8pntuE8pVlok//bY7S

Score

10^/10

redline kedru infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

kedru

C2

77.91.124.86:19084

Targets

- Target
  
  5fd8fbc35bae4dd4bf2f6564ac6838cc730c9a220b144c4b710fe0d165ba7bca
- Size
  
  1.5MB
- MD5
  
  d29c714e866ed10440e064dd8aeaa4ef
- SHA1
  
  d6817ebae12e13631457d6b7c5f6b6b161ae3904
- SHA256
  
  5fd8fbc35bae4dd4bf2f6564ac6838cc730c9a220b144c4b710fe0d165ba7bca
- SHA512
  
  e7555e20cc1660d3ada11a279236e6c6db0d803a83c9277e9c3df31a6eb2d7be74cea2b947ed8325a67ecd91c27c3a6d9cf08bf62a6bad2ae9e057e9146feab3
- SSDEEP
  
  24576:WyC3trZbQNBtY1o7QgMgdJiVM7MkY5ahPB9BRZbpAYTlH3AAW3xO:liEOXuqa1plvN3A7
Score

10^/10

redline kedru infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinekedruinfostealerpersistence