General

  • Target

    d9bcc89f497c06ca7468192139807f3f7b7d6087c5ca9e2d18208ca7f8d7a50f

  • Size

    539KB

  • Sample

    230324-np3r2aga9z

  • MD5

    5f3d320e976257a2c1cf50681e580d1d

  • SHA1

    f9ef47fc73909076353e4e403789918135ee0474

  • SHA256

    d9bcc89f497c06ca7468192139807f3f7b7d6087c5ca9e2d18208ca7f8d7a50f

  • SHA512

    e788a5e9ce071ebac35f177eaf952716a536bd891454fe90ce94a2e15f926d8e5e258fd36ec89fb44eb39881c93cdd8ba4a339d3b2e4a1025972f88288572640

  • SSDEEP

    12288:6Mrsy90GonhnMIhBncRMWyWls9UJEQCtdO+HNyQWYgb:6y7ShMIHcmbW5EFdRtyD

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      d9bcc89f497c06ca7468192139807f3f7b7d6087c5ca9e2d18208ca7f8d7a50f

    • Size

      539KB

    • MD5

      5f3d320e976257a2c1cf50681e580d1d

    • SHA1

      f9ef47fc73909076353e4e403789918135ee0474

    • SHA256

      d9bcc89f497c06ca7468192139807f3f7b7d6087c5ca9e2d18208ca7f8d7a50f

    • SHA512

      e788a5e9ce071ebac35f177eaf952716a536bd891454fe90ce94a2e15f926d8e5e258fd36ec89fb44eb39881c93cdd8ba4a339d3b2e4a1025972f88288572640

    • SSDEEP

      12288:6Mrsy90GonhnMIhBncRMWyWls9UJEQCtdO+HNyQWYgb:6y7ShMIHcmbW5EFdRtyD

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks