General

  • Target

    2ef545d5423454bc033571b8b58d7fe5f80071013c578d070342b1934790d5f5

  • Size

    539KB

  • Sample

    230324-nsrh6sea46

  • MD5

    430fcde73c6a539ac6a1fbc4db1291f6

  • SHA1

    464c1300b1b37ec81d3c3eeb898b2e74edbaa171

  • SHA256

    2ef545d5423454bc033571b8b58d7fe5f80071013c578d070342b1934790d5f5

  • SHA512

    d35e865a674b3ff466e8523016ab51e325e97589a8b3678419e92f4f1215fac73fb45c6c59427095688c5d4d512ae98ae38bd0677e65c27f97090955bec1e99e

  • SSDEEP

    12288:JMrmy90GSpendpzgMW0+dKJl49U3eQC5djLSPfhgq:zyzSpy+ijeRdjLQhgq

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      2ef545d5423454bc033571b8b58d7fe5f80071013c578d070342b1934790d5f5

    • Size

      539KB

    • MD5

      430fcde73c6a539ac6a1fbc4db1291f6

    • SHA1

      464c1300b1b37ec81d3c3eeb898b2e74edbaa171

    • SHA256

      2ef545d5423454bc033571b8b58d7fe5f80071013c578d070342b1934790d5f5

    • SHA512

      d35e865a674b3ff466e8523016ab51e325e97589a8b3678419e92f4f1215fac73fb45c6c59427095688c5d4d512ae98ae38bd0677e65c27f97090955bec1e99e

    • SSDEEP

      12288:JMrmy90GSpendpzgMW0+dKJl49U3eQC5djLSPfhgq:zyzSpy+ijeRdjLQhgq

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks