redline | 005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b | Triage

Submit
Reports

Overview

overview

Static

static

1

005ac28c40...5b.exe

windows7-x64

005ac28c40...5b.exe

windows10-2004-x64

Sharing

General

Target

005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.bin
Size

560KB
Sample

230311-24qb5sdf3t
MD5

85709b808f7848d4905050bdaff8ebc5
SHA1

4e763e68036b23ab0765c316a6678f406a82a0b6
SHA256

005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b
SHA512

489d1caee7303bb4c7d76de6f32249421308dfb75b13de31ed63e20ab500978bbb5aef8c5d88aa577d4cf373889778b04ee8673b3c645eec57041b8c4ffb679f
SSDEEP

12288:6Mrjy90dgnja1evLjX2BPHCnaaUrFfVGKT/5aXBCZMte6:1yQgnjyeH2pHCn3UrFfPaiEe6

Score

10^/10

redline fud evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.exe

Resource

win7-20230220-en

redline fud evasion infostealer persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.exe

Resource

win10v2004-20230221-en

redline fud evasion infostealer persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

auth_value
cddc991efd6918ad5321d80dac884b40

Targets

- Target
  
  005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.bin
- Size
  
  560KB
- MD5
  
  85709b808f7848d4905050bdaff8ebc5
- SHA1
  
  4e763e68036b23ab0765c316a6678f406a82a0b6
- SHA256
  
  005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b
- SHA512
  
  489d1caee7303bb4c7d76de6f32249421308dfb75b13de31ed63e20ab500978bbb5aef8c5d88aa577d4cf373889778b04ee8673b3c645eec57041b8c4ffb679f
- SSDEEP
  
  12288:6Mrjy90dgnja1evLjX2BPHCnaaUrFfVGKT/5aXBCZMte6:1yQgnjyeH2pHCn3UrFfPaiEe6
Score

10^/10

redline fud evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefudevasioninfostealerpersistencetrojan

behavioral2

redlinefudevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy