redline | edcb08bb4ec55c4e0318981cecaa61252a51e3bdf719e8b073bfaddaf499dfae | Triage

Sharing

General

Target

edcb08bb4ec55c4e0318981cecaa61252a51e3bdf719e8b073bfaddaf499dfae
Size

1.1MB
Sample

231117-bqe15sdh7t
MD5

09d9ad3617bae4f07af535e8a7eb0591
SHA1

759126ea236796926c39be17a68cc82b6dc3b760
SHA256

edcb08bb4ec55c4e0318981cecaa61252a51e3bdf719e8b073bfaddaf499dfae
SHA512

94ef83694b63b44eae6a734bf10f9e243ac5072b0166fee79d5bf8069b98d3251ee2157368cb94baec610613cc3641e6b2cc736bd8767aec6b921f147bcd86f8
SSDEEP

24576:+yj2/YCgZy/ZUxSGsJR151y9unZrn2sHBKYLulg:NOYVZcZUoJ29unln2sHBHLu

Score

10^/10

redline horda infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

horda

C2

194.49.94.152:19053

Targets

- Target
  
  edcb08bb4ec55c4e0318981cecaa61252a51e3bdf719e8b073bfaddaf499dfae
- Size
  
  1.1MB
- MD5
  
  09d9ad3617bae4f07af535e8a7eb0591
- SHA1
  
  759126ea236796926c39be17a68cc82b6dc3b760
- SHA256
  
  edcb08bb4ec55c4e0318981cecaa61252a51e3bdf719e8b073bfaddaf499dfae
- SHA512
  
  94ef83694b63b44eae6a734bf10f9e243ac5072b0166fee79d5bf8069b98d3251ee2157368cb94baec610613cc3641e6b2cc736bd8767aec6b921f147bcd86f8
- SSDEEP
  
  24576:+yj2/YCgZy/ZUxSGsJR151y9unZrn2sHBKYLulg:NOYVZcZUoJ29unln2sHBHLu
Score

10^/10

redline horda infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinehordainfostealerpersistence