General

  • Target

    f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812

  • Size

    685KB

  • Sample

    230328-j14q9abe7x

  • MD5

    bc06d9a5ca6f8b1f80b0bd25eab15683

  • SHA1

    4c5fd9b810eeb4b7da071a54a0f6bc8e5141b8b9

  • SHA256

    f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812

  • SHA512

    61fbcd003bb6f97abb9741e3195b85eb94d68ca2855970aeb9174b204ff59eb6db5b588d46cc61a7502991ffe46b0f126c044c86043680ad618ca0299fccdd0f

  • SSDEEP

    12288:oMr0y90g4Q3OVLiSH6yjMGRwR5XQydUDtmiL3RG2KkN:8yTh3OVumjMcI5TsmiLsk

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812

    • Size

      685KB

    • MD5

      bc06d9a5ca6f8b1f80b0bd25eab15683

    • SHA1

      4c5fd9b810eeb4b7da071a54a0f6bc8e5141b8b9

    • SHA256

      f77f9861e658ca8b07a80439861af436d2b7e2b852ed7f32c1ad0e5926585812

    • SHA512

      61fbcd003bb6f97abb9741e3195b85eb94d68ca2855970aeb9174b204ff59eb6db5b588d46cc61a7502991ffe46b0f126c044c86043680ad618ca0299fccdd0f

    • SSDEEP

      12288:oMr0y90g4Q3OVLiSH6yjMGRwR5XQydUDtmiL3RG2KkN:8yTh3OVumjMcI5TsmiLsk

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks