redline | 95b68c3888c89d042ed27e639e0555e0b3a8262ab68a1a72af461493662d4450 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

95b68c3888c89d042ed27e639e0555e0b3a8262ab68a1a72af461493662d4450
Size

683KB
Sample

230328-jgpszsbd9s
MD5

862ffcc71d63e85e41df1391986aa0d4
SHA1

71b06733086f137ffa35bdcf4a0b946970f0ceb4
SHA256

95b68c3888c89d042ed27e639e0555e0b3a8262ab68a1a72af461493662d4450
SHA512

858ee48ad232016f894bc9de06bde22878118f9bd4d14ec1dc68734826f8b604d64bec3dc1c4707f4d52e591cb73647190fda0d5a89dd5b6e766ab85b4751945
SSDEEP

12288:kMr2y908oVrr2ULs7H1xMH0rxOzPNvh8pUPVmvL3ILJQ:iyEno1KH0rEJh8pAmvL4u

Score

10^/10

redline rosn evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

95b68c3888c89d042ed27e639e0555e0b3a8262ab68a1a72af461493662d4450.exe

Resource

win10v2004-20230220-en

redline rosn evasion infostealer persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Targets

- Target
  
  95b68c3888c89d042ed27e639e0555e0b3a8262ab68a1a72af461493662d4450
- Size
  
  683KB
- MD5
  
  862ffcc71d63e85e41df1391986aa0d4
- SHA1
  
  71b06733086f137ffa35bdcf4a0b946970f0ceb4
- SHA256
  
  95b68c3888c89d042ed27e639e0555e0b3a8262ab68a1a72af461493662d4450
- SHA512
  
  858ee48ad232016f894bc9de06bde22878118f9bd4d14ec1dc68734826f8b604d64bec3dc1c4707f4d52e591cb73647190fda0d5a89dd5b6e766ab85b4751945
- SSDEEP
  
  12288:kMr2y908oVrr2ULs7H1xMH0rxOzPNvh8pUPVmvL3ILJQ:iyEno1KH0rEJh8pAmvL4u
Score

10^/10

redline rosn evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinerosnevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy