redline | e5111c6533c0009b6277702edb5e569a22e7c9ff85d08c227a2ada62a5e73d96 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

e5111c6533c0009b6277702edb5e569a22e7c9ff85d08c227a2ada62a5e73d96
Size

708KB
Sample

230411-nyd52adh4s
MD5

66ba1ecd2f68a65a2fe5204d48967cd3
SHA1

34bb218ff4ad2ef317ad130849a6848af4479b56
SHA256

e5111c6533c0009b6277702edb5e569a22e7c9ff85d08c227a2ada62a5e73d96
SHA512

9c8ec2a613182c79d224ab05523dc8c4be534f89ac2c4d61b64653af3d5c5c51080b99e3fea12486d0dbc8dba23397c724de9b20e2a860a30a2626a98bebe132
SSDEEP

12288:3Mrkay90D0TW3T1xA1yefJchDYvKuTULm/tRixa24jc+J3z7OUqpdU1U6:eyKxmy42BY8SRyabjVQPI

Score

10^/10

redline rosn evasion infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e5111c6533c0009b6277702edb5e569a22e7c9ff85d08c227a2ada62a5e73d96.exe

Resource

win10v2004-20230220-en

redline rosn evasion infostealer persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Targets

- Target
  
  e5111c6533c0009b6277702edb5e569a22e7c9ff85d08c227a2ada62a5e73d96
- Size
  
  708KB
- MD5
  
  66ba1ecd2f68a65a2fe5204d48967cd3
- SHA1
  
  34bb218ff4ad2ef317ad130849a6848af4479b56
- SHA256
  
  e5111c6533c0009b6277702edb5e569a22e7c9ff85d08c227a2ada62a5e73d96
- SHA512
  
  9c8ec2a613182c79d224ab05523dc8c4be534f89ac2c4d61b64653af3d5c5c51080b99e3fea12486d0dbc8dba23397c724de9b20e2a860a30a2626a98bebe132
- SSDEEP
  
  12288:3Mrkay90D0TW3T1xA1yefJchDYvKuTULm/tRixa24jc+J3z7OUqpdU1U6:eyKxmy42BY8SRyabjVQPI
Score

10^/10

redline rosn evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinerosnevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy