Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    852KB

  • Sample

    230418-jcyv4aac24

  • MD5

    9242073efee74a0b32156d931e70d902

  • SHA1

    19bba236a058e4083fcfc3771b75ca73e1b4522c

  • SHA256

    ff19ac956ccbf295cf9364d8cca046c7bd4c01758ae584e518d232f7d79cbf2c

  • SHA512

    e08f0778e968ad2b0f29a9ff9a5ca0ebc0f91b7bc5bc3f2cbcb18da01e1522c5e26591fb71869593ea634f51e9dcd05b78f53a1a61ef51f8fb91d2865f85e3b0

  • SSDEEP

    24576:syFs53JHim2gszlC/iftA2238wJON1Au2:bFs59im2zz2iftTS8v1

Score
10/10
redlinedizaladaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diza

C2

185.161.248.90:4125

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      tmp

    • Size

      852KB

    • MD5

      9242073efee74a0b32156d931e70d902

    • SHA1

      19bba236a058e4083fcfc3771b75ca73e1b4522c

    • SHA256

      ff19ac956ccbf295cf9364d8cca046c7bd4c01758ae584e518d232f7d79cbf2c

    • SHA512

      e08f0778e968ad2b0f29a9ff9a5ca0ebc0f91b7bc5bc3f2cbcb18da01e1522c5e26591fb71869593ea634f51e9dcd05b78f53a1a61ef51f8fb91d2865f85e3b0

    • SSDEEP

      24576:syFs53JHim2gszlC/iftA2238wJON1Au2:bFs59im2zz2iftTS8v1

    Score
    10/10
    redlinedizaladaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks