redline | fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08 | Triage

Submit
Reports

Overview

overview

Static

static

1

fcc4605384...08.exe

windows7-x64

fcc4605384...08.exe

windows10-2004-x64

Sharing

General

Target

fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08
Size

832KB
Sample

230405-bpec8abb23
MD5

1f84e0b6a95a5fe23d40592f6a6f7554
SHA1

ef9eb5df7f4045d7b004e19986674c2c79dfb0d4
SHA256

fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08
SHA512

181c1ad898d7f8a6bbf6d766d6e6a0bc8d4e4271316ec4eadf6418ae7fd5fcab0e818849932526ff235d77a989649e7d1ee4dd12f0960fb460359ef45bc74736
SSDEEP

12288:SLUZH/VUan5w5mvBedKBlsXopctdTquivPgSwo0Z38ywgmPRI:gyUan5eWo8BlsXoarT7p8p1u

Score

10^/10

redline down evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08.exe

Resource

win7-20230220-en

redline down evasion infostealer persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08.exe

Resource

win10v2004-20230220-en

redline down evasion infostealer persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

auth_value
12c31a90c72f5efae8c053a0bd339381

Targets

- Target
  
  fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08
- Size
  
  832KB
- MD5
  
  1f84e0b6a95a5fe23d40592f6a6f7554
- SHA1
  
  ef9eb5df7f4045d7b004e19986674c2c79dfb0d4
- SHA256
  
  fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08
- SHA512
  
  181c1ad898d7f8a6bbf6d766d6e6a0bc8d4e4271316ec4eadf6418ae7fd5fcab0e818849932526ff235d77a989649e7d1ee4dd12f0960fb460359ef45bc74736
- SSDEEP
  
  12288:SLUZH/VUan5w5mvBedKBlsXopctdTquivPgSwo0Z38ywgmPRI:gyUan5eWo8BlsXoarT7p8p1u
Score

10^/10

redline down evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedownevasioninfostealerpersistencetrojan

behavioral2

redlinedownevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy