Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    778KB

  • Sample

    230210-lpb8zagc7v

  • MD5

    2604ff9b653e2d6cba88b672d442c6ee

  • SHA1

    d8c768af12380547e316bf97b3069b9ae8a71504

  • SHA256

    f9f288324161f9e1045098c7af384337f67037ad8e2cd2a99737bf32cd613935

  • SHA512

    dc94b17d1374430c24f19b5f8aa2827ce84ba2bcbc69fc770c48cd22771176f89e430f79a3f259a1616c310ab2cfa234ee207c599ab1ea81f62556f06aaa256d

  • SSDEEP

    12288:lMrEy90odnOpsF8HQz8cVQXiUrSauJn14B+IYjWZ2nUaCHhg0CxbmOS/Vzu0bn6u:9yHIpsF0QztoXYjWZ2Ua6hg0YzS/Vfl

Score
10/10
redlinedubnaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

dubna

C2

193.233.20.11:4131

Attributes
  • auth_value

    f324b1269094b7462e56bab025f032f4

Targets

    • Target

      file

    • Size

      778KB

    • MD5

      2604ff9b653e2d6cba88b672d442c6ee

    • SHA1

      d8c768af12380547e316bf97b3069b9ae8a71504

    • SHA256

      f9f288324161f9e1045098c7af384337f67037ad8e2cd2a99737bf32cd613935

    • SHA512

      dc94b17d1374430c24f19b5f8aa2827ce84ba2bcbc69fc770c48cd22771176f89e430f79a3f259a1616c310ab2cfa234ee207c599ab1ea81f62556f06aaa256d

    • SSDEEP

      12288:lMrEy90odnOpsF8HQz8cVQXiUrSauJn14B+IYjWZ2nUaCHhg0CxbmOS/Vzu0bn6u:9yHIpsF0QztoXYjWZ2Ua6hg0YzS/Vfl

    Score
    10/10
    redlinedubnaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks