redline | bbb990023ae2222eca1c0dde10b916ab1079e89634681546a3351821c0353741 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

bbb990023ae2222eca1c0dde10b916ab1079e89634681546a3351821c0353741
Size

875KB
Sample

230315-h6j4csea2t
MD5

34df3b34ca269169ab45969d37d2bb41
SHA1

c38af40a551aa77493785711fc8b259ba1461991
SHA256

bbb990023ae2222eca1c0dde10b916ab1079e89634681546a3351821c0353741
SHA512

1131b8c96dd2f03046680ff34a11ca7f89dc274f65340c7c88f8f71edf68f5e1a1ad4fcb967bde59a53e1118343b299db8172e6c2a1605edb6c41d85928f6e59
SSDEEP

12288:PMrxy90J+U5Ly76h3lP573nscdjdCfwBc6tgzzprU4jXSPaShGSAxbX+qVjVO/DT:Cy05Ly761l5g8jdCKCG4ePaXS94hObT

Score

10^/10

redline mango evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

bbb990023ae2222eca1c0dde10b916ab1079e89634681546a3351821c0353741.exe

Resource

win10v2004-20230220-en

redline mango evasion infostealer persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  bbb990023ae2222eca1c0dde10b916ab1079e89634681546a3351821c0353741
- Size
  
  875KB
- MD5
  
  34df3b34ca269169ab45969d37d2bb41
- SHA1
  
  c38af40a551aa77493785711fc8b259ba1461991
- SHA256
  
  bbb990023ae2222eca1c0dde10b916ab1079e89634681546a3351821c0353741
- SHA512
  
  1131b8c96dd2f03046680ff34a11ca7f89dc274f65340c7c88f8f71edf68f5e1a1ad4fcb967bde59a53e1118343b299db8172e6c2a1605edb6c41d85928f6e59
- SSDEEP
  
  12288:PMrxy90J+U5Ly76h3lP573nscdjdCfwBc6tgzzprU4jXSPaShGSAxbX+qVjVO/DT:Cy05Ly761l5g8jdCKCG4ePaXS94hObT
Score

10^/10

redline mango evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemangoevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy