redline | 287fdea18e4115d6cd36b0c9d50a0ce5ac252bf49f079784639f2c768138b3db | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

287fdea18e4115d6cd36b0c9d50a0ce5ac252bf49f079784639f2c768138b3db
Size

1.3MB
Sample

230321-wew6haec6w
MD5

f6f9a39d31491c71f344776d1b20f5f5
SHA1

228ff3281e03f5376fd53bc92341f52e350b3491
SHA256

287fdea18e4115d6cd36b0c9d50a0ce5ac252bf49f079784639f2c768138b3db
SHA512

e3160c3ad98a42ea7dcc2ce4399018e213babd95e2fb67f4da46d6009f238d928ca29e41b73debd971ce981492cd3f1cc29847ec8d87e61fc5f270bd855705aa
SSDEEP

24576:tF1nHyFZau43z3+pRsoJXSUMHI1ogR6ghfPfu7z5f3:tY43b+L1gUMHIugMYf2

Score

10^/10

redline gena evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

287fdea18e4115d6cd36b0c9d50a0ce5ac252bf49f079784639f2c768138b3db.exe

Resource

win10-20230220-en

redline gena evasion infostealer persistence trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

auth_value
93c20961cb6b06b2d5781c212db6201e

Targets

- Target
  
  287fdea18e4115d6cd36b0c9d50a0ce5ac252bf49f079784639f2c768138b3db
- Size
  
  1.3MB
- MD5
  
  f6f9a39d31491c71f344776d1b20f5f5
- SHA1
  
  228ff3281e03f5376fd53bc92341f52e350b3491
- SHA256
  
  287fdea18e4115d6cd36b0c9d50a0ce5ac252bf49f079784639f2c768138b3db
- SHA512
  
  e3160c3ad98a42ea7dcc2ce4399018e213babd95e2fb67f4da46d6009f238d928ca29e41b73debd971ce981492cd3f1cc29847ec8d87e61fc5f270bd855705aa
- SSDEEP
  
  24576:tF1nHyFZau43z3+pRsoJXSUMHI1ogR6ghfPfu7z5f3:tY43b+L1gUMHIugMYf2
Score

10^/10

redline gena evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinegenaevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy