Overview

overview

10

Static

static

1

010028db1a...0c.exe

windows7-x64

10

010028db1a...0c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    010028db1ab1a029e6710017c566599e0f66c4c7868b8b43e3577038d773c70c.bin

  • Size

    974KB

  • Sample

    230311-26bxjabg99

  • MD5

    f3588348e684ce7bc4f43ddb7c5fe88b

  • SHA1

    7c239f555c4837497d2f33b38339ba45a0ad7d02

  • SHA256

    010028db1ab1a029e6710017c566599e0f66c4c7868b8b43e3577038d773c70c

  • SHA512

    749fffed4b5ce623a91150949866f88d527137edecc5fc799c6443eedbaef51e210ffcf693acb06d98de7589907bd40bebb5eb1a147e079fa83d9b90c94d0f2f

  • SSDEEP

    24576:EyOKeVZm8O5pXNowJmPaPWLFLXInMhjfQK50L:TOKejT+fHOaQL4+jf50

Score
10/10
redlinerostoevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      010028db1ab1a029e6710017c566599e0f66c4c7868b8b43e3577038d773c70c.bin

    • Size

      974KB

    • MD5

      f3588348e684ce7bc4f43ddb7c5fe88b

    • SHA1

      7c239f555c4837497d2f33b38339ba45a0ad7d02

    • SHA256

      010028db1ab1a029e6710017c566599e0f66c4c7868b8b43e3577038d773c70c

    • SHA512

      749fffed4b5ce623a91150949866f88d527137edecc5fc799c6443eedbaef51e210ffcf693acb06d98de7589907bd40bebb5eb1a147e079fa83d9b90c94d0f2f

    • SSDEEP

      24576:EyOKeVZm8O5pXNowJmPaPWLFLXInMhjfQK50L:TOKejT+fHOaQL4+jf50

    Score
    10/10
    redlinerostoevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks