Overview

overview

10

Static

static

3

181601784d...0f.exe

windows7-x64

10

181601784d...0f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    181601784d4587060ea55ac0186327efbfd05a917dea29617ccd866794871a0f.bin

  • Size

    1.5MB

  • Sample

    230506-zghbxaeh5t

  • MD5

    58f1cfb003304041bf25ddab60bd2b86

  • SHA1

    fbb0e85c966bfa5e954c103a5e83bc75763c938b

  • SHA256

    181601784d4587060ea55ac0186327efbfd05a917dea29617ccd866794871a0f

  • SHA512

    72f272611002d23c7ab8162b5d93c369bc07bbff78b095060f482c45896c83d051c72037c026c262fcf6a795f5ad5b849cb979262f8b22aa0047cef4648e7378

  • SSDEEP

    24576:nyYN8+cTwg0Er/mBtSB/b3WUxoj47mpl8E0tQoZ2ceZvBBFes3kHPgGdxR1:yYNbgVrytmTdoj47BE0+a2ceZvBR3APN

Score
10/10
redlinegenamostevasioninfostealerpersistencestealertrojan

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      181601784d4587060ea55ac0186327efbfd05a917dea29617ccd866794871a0f.bin

    • Size

      1.5MB

    • MD5

      58f1cfb003304041bf25ddab60bd2b86

    • SHA1

      fbb0e85c966bfa5e954c103a5e83bc75763c938b

    • SHA256

      181601784d4587060ea55ac0186327efbfd05a917dea29617ccd866794871a0f

    • SHA512

      72f272611002d23c7ab8162b5d93c369bc07bbff78b095060f482c45896c83d051c72037c026c262fcf6a795f5ad5b849cb979262f8b22aa0047cef4648e7378

    • SSDEEP

      24576:nyYN8+cTwg0Er/mBtSB/b3WUxoj47mpl8E0tQoZ2ceZvBBFes3kHPgGdxR1:yYNbgVrytmTdoj47BE0+a2ceZvBR3APN

    Score
    10/10
    redlinemostevasioninfostealerpersistencetrojangenastealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks