redline | f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812
Size

685KB
Sample

230328-j14q9abe7x
MD5

bc06d9a5ca6f8b1f80b0bd25eab15683
SHA1

4c5fd9b810eeb4b7da071a54a0f6bc8e5141b8b9
SHA256

f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812
SHA512

61fbcd003bb6f97abb9741e3195b85eb94d68ca2855970aeb9174b204ff59eb6db5b588d46cc61a7502991ffe46b0f126c044c86043680ad618ca0299fccdd0f
SSDEEP

12288:oMr0y90g4Q3OVLiSH6yjMGRwR5XQydUDtmiL3RG2KkN:8yTh3OVumjMcI5TsmiLsk

Score

10^/10

redline rosn evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812.exe

Resource

win10v2004-20230221-en

redline rosn evasion infostealer persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Targets

- Target
  
  f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812
- Size
  
  685KB
- MD5
  
  bc06d9a5ca6f8b1f80b0bd25eab15683
- SHA1
  
  4c5fd9b810eeb4b7da071a54a0f6bc8e5141b8b9
- SHA256
  
  f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812
- SHA512
  
  61fbcd003bb6f97abb9741e3195b85eb94d68ca2855970aeb9174b204ff59eb6db5b588d46cc61a7502991ffe46b0f126c044c86043680ad618ca0299fccdd0f
- SSDEEP
  
  12288:oMr0y90g4Q3OVLiSH6yjMGRwR5XQydUDtmiL3RG2KkN:8yTh3OVumjMcI5TsmiLsk
Score

10^/10

redline rosn evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinerosnevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy