redline | 3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7 | Triage

Sharing

General

Target

3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7
Size

1.2MB
Sample

230506-1da9vsac51
MD5

9cf7f51516771e62d4560302dfd9fed4
SHA1

402f81d97740636dbd8e9d04d5e8d9a59ecd44f1
SHA256

3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7
SHA512

9235f7b74e7d3f6d1e8e7906ad66fd623dc9bc82f27a005ee63d8f55f0158cb95480ff99376ae711cd131d15b60a99e1b2b6a97e9afb147483a2723cbb77d8d6
SSDEEP

24576:ky0NGasfqF5mdhzjdXLyTfokn98YoLSgBHIxmhUsmmsNMRf:zLasfLhzjFq2X9BuOUsCN

Score

10^/10

redline luna evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

luna

C2

217.196.96.56:4138

Attributes

auth_value
16dec8addb01db1c11c59667022ef7a2

Targets

- Target
  
  3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7
- Size
  
  1.2MB
- MD5
  
  9cf7f51516771e62d4560302dfd9fed4
- SHA1
  
  402f81d97740636dbd8e9d04d5e8d9a59ecd44f1
- SHA256
  
  3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7
- SHA512
  
  9235f7b74e7d3f6d1e8e7906ad66fd623dc9bc82f27a005ee63d8f55f0158cb95480ff99376ae711cd131d15b60a99e1b2b6a97e9afb147483a2723cbb77d8d6
- SSDEEP
  
  24576:ky0NGasfqF5mdhzjdXLyTfokn98YoLSgBHIxmhUsmmsNMRf:zLasfLhzjFq2X9BuOUsCN
Score

10^/10

redline luna evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelunaevasioninfostealerpersistencetrojan

behavioral2

evasionpersistencetrojan