General

  • Target

    4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a

  • Size

    1011KB

  • Sample

    230324-ntc26sgb31

  • MD5

    94cc7ca058f0b33c9496a6de7650beda

  • SHA1

    23bcc7fa3bf698edf5e26f41a8f22646039eb1a9

  • SHA256

    4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a

  • SHA512

    17cebbc051705eb6f1b1a90ca8a9bf7ccbd8c6ce9d8b4e62cd961c6ef8c0b1b237a5896e2bcba1c8926df2f1265bc3864a90e1f8162330126bbb46c2a7668279

  • SSDEEP

    24576:JyVIW200fzL3eE5SVKpKtHe7C8NsNs14kLdeaXd+yuxWIkXp7L:88LoVuKACGsNs1VLkat+yWWd

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381
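The extracted configuration and the hashes above are the atomic indicators a responder would sweep for first. The following script is an added example, not part of this report or of the sandbox's tooling: it takes the C2 address and file hashes from the report and runs them over constructed log data (a Zeek conn.log-like column layout and a simple host|image|hash EDR export, both invented for the example). The C2 match is graded: the exact ip:port pair from the config is high confidence, the same IP on another port is reported at medium confidence because RedLine operators reuse hosts with different ports.

```python
"""Hunt the indicators from this report in log data.

Added example, not part of the sandbox report. The hash and C2 values come
from the report above; every log line below is constructed for illustration.
"""
import re

# Indicators copied from the report (extracted RedLine config and file hashes).
REPORT_IOCS = {
    "md5": "94cc7ca058f0b33c9496a6de7650beda",
    "sha1": "23bcc7fa3bf698edf5e26f41a8f22646039eb1a9",
    "sha256": "4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a",
    "c2_ip": "193.233.20.31",
    "c2_port": 4125,
}

# Constructed connection records in a Zeek conn.log-like column order:
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
SAMPLE_CONN_LOG = """\
1679620000.120 CHhAvVGS1DHFjwGM9 10.0.0.15 49712 193.233.20.31 4125 tcp
1679620001.540 C4J4Th3PJpwUYZZ6gc 10.0.0.15 49713 142.250.74.78 443 tcp
1679620002.007 CtPZjS20MLrsMUOJi2 10.0.0.22 52011 193.233.20.31 443 tcp
"""

# Constructed EDR-style file events: host|image path|hash. Hash case varies
# between tools, so matching must be case-insensitive.
SAMPLE_FILE_EVENTS = """\
WS01|C:\\Users\\u\\AppData\\Local\\Temp\\update.exe|4BCC7FBFD0C76AC955452334538D09FE4F64B3D19369991C5E1EEF209619C99A
WS02|C:\\Windows\\System32\\svchost.exe|e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
WS03|C:\\Users\\u\\Downloads\\setup.exe|94cc7ca058f0b33c9496a6de7650beda
"""

# SHA-256, SHA-1 or MD5 sized hex runs; longest alternative first so a
# 64-char digest is not split into smaller matches.
HEX_HASH = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")


def parse_conn_line(line):
    """Split one conn.log-like line into a dict; None if malformed."""
    f = line.split()
    if len(f) < 7:
        return None
    return {"ts": f[0], "uid": f[1], "src": f[2], "sport": int(f[3]),
            "dst": f[4], "dport": int(f[5]), "proto": f[6]}


def hunt_c2(conn_log, c2_ip, c2_port):
    """Return connections to the C2 host, graded by how exactly they match.

    An exact ip:port match is rated high; the same IP on another port is
    still reported (operators move ports) but at medium confidence.
    """
    hits = []
    for line in conn_log.splitlines():
        rec = parse_conn_line(line)
        if rec is None or rec["dst"] != c2_ip:
            continue
        rec["confidence"] = "high" if rec["dport"] == c2_port else "medium"
        hits.append(rec)
    return hits


def hunt_hashes(events, iocs):
    """Return lines carrying any of the report's MD5/SHA1/SHA256 hashes."""
    wanted = {iocs[k].lower() for k in ("md5", "sha1", "sha256")}
    hits = []
    for line in events.splitlines():
        for h in HEX_HASH.findall(line):
            if h.lower() in wanted:
                hits.append({"line": line, "hash": h.lower()})
    return hits


if __name__ == "__main__":
    for hit in hunt_c2(SAMPLE_CONN_LOG, REPORT_IOCS["c2_ip"], REPORT_IOCS["c2_port"]):
        print(f"C2 {hit['confidence']}: {hit['src']}:{hit['sport']} -> "
              f"{hit['dst']}:{hit['dport']} uid={hit['uid']}")
    for hit in hunt_hashes(SAMPLE_FILE_EVENTS, REPORT_IOCS):
        print(f"hash match {hit['hash']}: {hit['line']}")
```

Treat the hash hits as strong but narrow: a rebuilt RedLine binary changes every hash while keeping the same C2 and auth_value, so the network indicator and the SSDEEP fuzzy hash above outlive the exact digests.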

Targets

    • Target

      4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a

    • Size

      1011KB

    • MD5

      94cc7ca058f0b33c9496a6de7650beda

    • SHA1

      23bcc7fa3bf698edf5e26f41a8f22646039eb1a9

    • SHA256

      4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a

    • SHA512

      17cebbc051705eb6f1b1a90ca8a9bf7ccbd8c6ce9d8b4e62cd961c6ef8c0b1b237a5896e2bcba1c8926df2f1265bc3864a90e1f8162330126bbb46c2a7668279

    • SSDEEP

      24576:JyVIW200fzL3eE5SVKpKtHe7C8NsNs14kLdeaXd+yuxWIkXp7L:88LoVuKACGsNs1VLkat+yWWd

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
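The two behaviours the signatures above flag, a Run key being written and Windows Defender real-time protection being switched off, are both registry writes, so one RegistryValueSet detection covers them. The following is an added example, not code from the report or the sandbox: it classifies constructed Sysmon event ID 13 style records into the ATT&CK v6 technique IDs this page uses, then correlates per writing process, since a single image that both persists and disables Defender is a much stronger signal than either write alone. The Defender value names it checks (DisableRealtimeMonitoring and its siblings under the Real-Time Protection key) are an assumption about what the "Modifies Windows Defender Real-time Protection settings" signature covers; the report does not list the exact values.

```python
"""Detect the Run-key persistence and Defender tampering this report flags.

Added example, not part of the sandbox report. The events are constructed in
the shape of Sysmon event ID 13 (RegistryValueSet); the Defender value names
checked are an assumption, not something the report states.
"""
import re
from collections import defaultdict

# Constructed Sysmon-style RegistryValueSet events.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe",
     "TargetObject": "HKU\\S-1-5-21-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\u\\AppData\\Roaming\\Updater\\updater.exe"},
    {"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Defender's own engine writing 0 re-enables protection; not tampering.
    {"EventID": 13, "Image": "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Unrelated user-preference write under CurrentVersion, must not alert.
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000002)"},
]

# A value written directly under ...\CurrentVersion\Run or \RunOnce (HKLM or HKU).
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# Real-time protection switches (assumed set) under the policy or product key.
DEFENDER_RTP = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection"
    r"|DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD data as "DWORD (0x00000001)"; only a value of 1 disables.
DWORD_ONE = re.compile(r"^DWORD \(0x0*1\)$")


def classify(event):
    """Map one RegistryValueSet event to the ATT&CK v6 techniques on this page."""
    if event.get("EventID") != 13:
        return None
    target, details = event["TargetObject"], event["Details"]
    if RUN_KEY.search(target):
        return {"image": event["Image"], "target": target, "value": details,
                "techniques": ["T1060", "T1112"], "reason": "Run key value set"}
    if DEFENDER_RTP.search(target) and DWORD_ONE.match(details):
        return {"image": event["Image"], "target": target, "value": details,
                "techniques": ["T1089", "T1112"],
                "reason": "Defender real-time protection disabled"}
    return None


def detect(events):
    """All alerts for a batch of events, in input order."""
    return [a for a in (classify(e) for e in events) if a is not None]


def suspicious_images(alerts):
    """Processes that both persisted (T1060) and disabled Defender (T1089)."""
    per_image = defaultdict(set)
    for a in alerts:
        per_image[a["image"]].update(a["techniques"])
    return {img: sorted(t) for img, t in per_image.items() if {"T1060", "T1089"} <= t}


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{','.join(a['techniques'])} {a['image']}: {a['reason']} -> {a['target']}")
    print("escalate:", suspicious_images(found))
```

The IDs follow the v6 matrix shown on this page; in current ATT&CK the same behaviours are T1547.001 (Registry Run Keys / Startup Folder), T1562.001 (Disable or Modify Tools) and T1112 (Modify Registry).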

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1 match

  • Registry Run Keys / Startup Folder (T1060): 1 match

Defense Evasion

  • Modify Registry (T1112): 3 matches

  • Disabling Security Tools (T1089): 2 matches

Tasks