redline | 31c01bd6bcf0b363e292968a5a76250d69bd253d58e80974d5ac0cdbd24e01d7 | Triage

Sharing

General

Target

b1f2fc5a81e68ab6a95ca05ec0ccd63a.bin
Size

1.0MB
Sample

230411-btawlahg44
MD5

1eda7d0da4cfe9de0c5efdded08aaab5
SHA1

08fb25615c6ee7df47e9c3c2321225649fda23d4
SHA256

31c01bd6bcf0b363e292968a5a76250d69bd253d58e80974d5ac0cdbd24e01d7
SHA512

4044c3dbb32fff272a4d0cba95cc321323f02dd78e09546e31df27403e6b8068db194f53a492b0d7e3aab73bfa13e9276b558e84a14e2ac1f4a7104b7beb4829
SSDEEP

24576:HiH+N7QKqQ5byTEU+osm2zWNdLREqGVwId8SQOi:HrN7QKqk2EU+o3vFWVwId8SNi

Score

10^/10

redline lenox norm evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

auth_value
1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

lenox

C2

77.91.124.145:4125

Attributes

auth_value
a5c9c17a250a084c5fd706c1df7c2d4e

Targets

- Target
  
  524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824.exe
- Size
  
  1.1MB
- MD5
  
  b1f2fc5a81e68ab6a95ca05ec0ccd63a
- SHA1
  
  4f8ac877f4311dea63e77338a03f0c6bd78e58a3
- SHA256
  
  524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824
- SHA512
  
  941ea6d8daf590b1cd0653b4743c2a62a66750cafdfd7381cab8a3d2cd984e222bb2f1614bdbbd9bc3574b5bed19c4e8449b3b997fc0c57c0a852670406d7baa
- SSDEEP
  
  24576:0yg091YssYKPdNny2kMxvIdz0qbZX2zZIwEF8bYb9V3S:Dr1YsbKrnrkMxAd/mzZQF8sJB
Score

10^/10

redline lenox norm evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelenoxnormevasioninfostealerpersistencetrojan

behavioral2

redlinelenoxnormevasioninfostealerpersistencetrojan