Overview

overview

10

Static

static

1

02341b4bb6...f0.exe

windows7-x64

10

02341b4bb6...f0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    02341b4bb63ad4f99261e12c7f70fb9f503ef094ed14ab308d7e8aa4d015a4f0

  • Size

    600KB

  • Sample

    230306-ddxrjaad24

  • MD5

    3e0bc3bf6087599120095c83924b10eb

  • SHA1

    ebd68b578b7ef26ca23e926eb5d7a9ef9107170d

  • SHA256

    02341b4bb63ad4f99261e12c7f70fb9f503ef094ed14ab308d7e8aa4d015a4f0

  • SHA512

    302d0003eca62962a0a184fab437517c01cf0f9640314010b20c279686f6d24f9a0a0f48a52368d8835a7468a13669e624c1cac49624be93a61fa6bab7a3157f

  • SSDEEP

    12288:yiqMFqi1VrEpCotyUk0RcdKTNF7rUIjXwY1HrKSSU/i:ySqi13otyyReOLVjXwYCr

Score
10/10
redlineredkoevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

redko

C2

62.204.41.170:4179

Attributes
  • auth_value

    9bcf7b0620ff067017d66b9a5d80b547

Targets

    • Target

      02341b4bb63ad4f99261e12c7f70fb9f503ef094ed14ab308d7e8aa4d015a4f0

    • Size

      600KB

    • MD5

      3e0bc3bf6087599120095c83924b10eb

    • SHA1

      ebd68b578b7ef26ca23e926eb5d7a9ef9107170d

    • SHA256

      02341b4bb63ad4f99261e12c7f70fb9f503ef094ed14ab308d7e8aa4d015a4f0

    • SHA512

      302d0003eca62962a0a184fab437517c01cf0f9640314010b20c279686f6d24f9a0a0f48a52368d8835a7468a13669e624c1cac49624be93a61fa6bab7a3157f

    • SSDEEP

      12288:yiqMFqi1VrEpCotyUk0RcdKTNF7rUIjXwY1HrKSSU/i:ySqi13otyyReOLVjXwYCr

    Score
    10/10
    redlineredkoevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks