redline | e68ea6e25a5cc8f64f181ae37db51547926e1570871c5ff8aad9ad4a84981919 | Triage

Sharing

General

Target

e68ea6e25a5cc8f64f181ae37db51547926e1570871c5ff8aad9ad4a84981919
Size

469KB
Sample

241109-d6xl8swhnd
MD5

e3f7e402b4b5f8be08b933effbbf8c45
SHA1

c76ba949545c1e04fe8d55ef35a0bc91a0bf5e7d
SHA256

e68ea6e25a5cc8f64f181ae37db51547926e1570871c5ff8aad9ad4a84981919
SHA512

50ac1dfa2120025d926fc5748820bead05c8fe06753a4c89155dbd1fb7f79f82a13d3e959bfca8240644925dd758f91d782d212c29a5efeefd1699253a21b81c
SSDEEP

12288:5Mroy905um1lOHyedb3fihodC1nM7SFKEU:Ry/hF53qhodretU

Score

10^/10

redline fukia discovery infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  e68ea6e25a5cc8f64f181ae37db51547926e1570871c5ff8aad9ad4a84981919
- Size
  
  469KB
- MD5
  
  e3f7e402b4b5f8be08b933effbbf8c45
- SHA1
  
  c76ba949545c1e04fe8d55ef35a0bc91a0bf5e7d
- SHA256
  
  e68ea6e25a5cc8f64f181ae37db51547926e1570871c5ff8aad9ad4a84981919
- SHA512
  
  50ac1dfa2120025d926fc5748820bead05c8fe06753a4c89155dbd1fb7f79f82a13d3e959bfca8240644925dd758f91d782d212c29a5efeefd1699253a21b81c
- SSDEEP
  
  12288:5Mroy905um1lOHyedb3fihodC1nM7SFKEU:Ry/hF53qhodretU
Score

10^/10

redline fukia discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefukiadiscoveryinfostealerpersistence