redline | 0dd2e4db88ece27afd97074ce5a919b60825eb9855117444cc307a5d3f5e9bef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dd2e4db88ece27afd97074ce5a919b60825eb9855117444cc307a5d3f5e9bef
Size

820KB
Sample

230215-11d92aeb3z
MD5

37c446fe7aee325429b5868583f6e822
SHA1

37b6d4694848e3a7d81959a96e092380babefbb4
SHA256

0dd2e4db88ece27afd97074ce5a919b60825eb9855117444cc307a5d3f5e9bef
SHA512

c3c437081851382c18af8956bc2122c699ae99568a0c9d9840ca766c733153ff7750f283e7f522524e4854bd98503a81f58a7d1ef020d0509e0986228dc21bcf
SSDEEP

12288:KMrmy90ci01T5tuJumYuuxfmKke34OLYpqcZAwNEMS/wHTQUZblN6hVZTpj:Qyk0luJumewu3YprAwNEMI6VbP6Tv

Score

10^/10

redline dubka discovery evasion infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

dubka

C2

193.233.20.13:4136

Attributes

auth_value
e5a9421183a033f283b2f23139b471f0

Targets

- Target
  
  0dd2e4db88ece27afd97074ce5a919b60825eb9855117444cc307a5d3f5e9bef
- Size
  
  820KB
- MD5
  
  37c446fe7aee325429b5868583f6e822
- SHA1
  
  37b6d4694848e3a7d81959a96e092380babefbb4
- SHA256
  
  0dd2e4db88ece27afd97074ce5a919b60825eb9855117444cc307a5d3f5e9bef
- SHA512
  
  c3c437081851382c18af8956bc2122c699ae99568a0c9d9840ca766c733153ff7750f283e7f522524e4854bd98503a81f58a7d1ef020d0509e0986228dc21bcf
- SSDEEP
  
  12288:KMrmy90ci01T5tuJumYuuxfmKke34OLYpqcZAwNEMS/wHTQUZblN6hVZTpj:Qyk0luJumewu3YprAwNEMI6VbP6Tv
Score

10^/10

redline dubka discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedubkadiscoveryevasioninfostealerpersistencespywarestealertrojan