redline | 33bffb5ddf5cf005a99706ab3efc3459b10f12792d5c2fb5be82999c3b5be9f9 | Triage

Sharing

General

Target

be75c1da479fdff5d293e6c822bb0c8f.bin
Size

883KB
Sample

230411-bxqq8abc8t
MD5

547a5826aae494d7db6130336a9b1d6b
SHA1

1528f386d4674e972b852568d81567f94b652988
SHA256

33bffb5ddf5cf005a99706ab3efc3459b10f12792d5c2fb5be82999c3b5be9f9
SHA512

3bca5d746371d2be029832867de2de2adc8296622a6efbb37d1a0715394ec0c8e1cc0656ae23cdff536e705736a680e3da81a3b5e2e5a0f7ae47bc6e91574a4e
SSDEEP

24576:rGdphEQa/OAdYI8BQv9D0+2rsjHEItdv6hwkzhizShtaW1z2+9CkUs:rGd7EQPAdYII2R0toHPdqw4iGhtn1C+1

Score

10^/10

redline dezik norm evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

auth_value
1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dezik

C2

77.91.124.145:4125

Attributes

auth_value
afab3a79f84bd5003ef2824211bcf14e

Targets

- Target
  
  a0dc6768e8543ec553819e4c8e3bedea847764c36889efa4adc747be2f755f57.exe
- Size
  
  927KB
- MD5
  
  be75c1da479fdff5d293e6c822bb0c8f
- SHA1
  
  e412264e6cc0e8e4f512779bedf0b9e6d7a2e1bb
- SHA256
  
  a0dc6768e8543ec553819e4c8e3bedea847764c36889efa4adc747be2f755f57
- SHA512
  
  4a19bca52a81531cfef9ee536de64dd96aaa07da72e4712870e8e02c40ab8ff06c8d4474213e9178285688f50cc79d7155836e0aefe19ac92143d9d10b919821
- SSDEEP
  
  24576:gy/Bno74xTL+rLzlGruNlcCFYDN9CtEtf:nFy3lGStFQCyt
Score

10^/10

redline dezik norm evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedeziknormevasioninfostealerpersistencetrojan

behavioral2

redlinedeziknormevasioninfostealerpersistencetrojan