redline | b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45 | Triage

Sharing

General

Target

b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45
Size

1.4MB
Sample

230502-nllpcacf8x
MD5

fc52ef2abd7dc53e96a0d088d86262c6
SHA1

68e1322297f8e8c334f2c01bef2f33ff6e9be97f
SHA256

b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45
SHA512

1a06cc690a15695bd91dba1bd42d378bc4ab766847168c1e21aace37ba4681dc58bc4bc046c1c3588b26fd1aace367725a6c396ca8f5043415aaf98168dbf532
SSDEEP

24576:LyglBnknVcos43MaSTAL4rSYD0DYB9aDUIXpx04I4DcTqSoQGks7YoVhudigReHk:+glxe04tzDPM9aDx04I4Dc81ksEGh2bW

Score

10^/10

redline massa evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

massa

C2

185.161.248.73:4164

Attributes

auth_value
413bf908ab27d959c62bef532780f511

Targets

- Target
  
  b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45
- Size
  
  1.4MB
- MD5
  
  fc52ef2abd7dc53e96a0d088d86262c6
- SHA1
  
  68e1322297f8e8c334f2c01bef2f33ff6e9be97f
- SHA256
  
  b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45
- SHA512
  
  1a06cc690a15695bd91dba1bd42d378bc4ab766847168c1e21aace37ba4681dc58bc4bc046c1c3588b26fd1aace367725a6c396ca8f5043415aaf98168dbf532
- SSDEEP
  
  24576:LyglBnknVcos43MaSTAL4rSYD0DYB9aDUIXpx04I4DcTqSoQGks7YoVhudigReHk:+glxe04tzDPM9aDx04I4Dc81ksEGh2bW
Score

10^/10

redline massa evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemassaevasioninfostealerpersistencetrojan