redline | 4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
Size

1011KB
Sample

230324-ntc26sgb31
MD5

94cc7ca058f0b33c9496a6de7650beda
SHA1

23bcc7fa3bf698edf5e26f41a8f22646039eb1a9
SHA256

4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
SHA512

17cebbc051705eb6f1b1a90ca8a9bf7ccbd8c6ce9d8b4e62cd961c6ef8c0b1b237a5896e2bcba1c8926df2f1265bc3864a90e1f8162330126bbb46c2a7668279
SSDEEP

24576:JyVIW200fzL3eE5SVKpKtHe7C8NsNs14kLdeaXd+yuxWIkXp7L:88LoVuKACGsNs1VLkat+yWWd

Score

10^/10

redline down evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a.exe

Resource

win10v2004-20230220-en

redline down evasion infostealer persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

auth_value
12c31a90c72f5efae8c053a0bd339381

Targets

- Target
  
  4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
- Size
  
  1011KB
- MD5
  
  94cc7ca058f0b33c9496a6de7650beda
- SHA1
  
  23bcc7fa3bf698edf5e26f41a8f22646039eb1a9
- SHA256
  
  4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
- SHA512
  
  17cebbc051705eb6f1b1a90ca8a9bf7ccbd8c6ce9d8b4e62cd961c6ef8c0b1b237a5896e2bcba1c8926df2f1265bc3864a90e1f8162330126bbb46c2a7668279
- SSDEEP
  
  24576:JyVIW200fzL3eE5SVKpKtHe7C8NsNs14kLdeaXd+yuxWIkXp7L:88LoVuKACGsNs1VLkat+yWWd
Score

10^/10

redline down evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedownevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy