General

  • Target

    e0b4e38dc7f1d309c24bcbc7dcad8426e9714a081eeb75547436f276707285f2

  • Size

    1.1MB

  • Sample

    230514-1ykc9sga3x

  • MD5

    3b28ad7a0995e2956b465f0981629aa0

  • SHA1

    9a8c79a405cbd15e19ad930064d28ac931941e10

  • SHA256

    e0b4e38dc7f1d309c24bcbc7dcad8426e9714a081eeb75547436f276707285f2

  • SHA512

    44b4dd11cd8e1fd5c592c84ca0e372dda80a6e8f24db9ebfdd9cc3c65292c0357acdf8824fae44cec0f08a482fc8204dbe4105ae978183395eb0670438b47b7a

  • SSDEEP

    24576:/yxx/wfTTZ8+VlbgF4QO3/v7cX9Yvfz4G39ia8lqyMiTZshMjEOmcL:Kxx/wfTTZFVl8qQapzjx8TMiTq2jEOmc

Malware Config

Extracted

  • Family: redline
  • Botnet: linda
  • C2: 185.161.248.75:4132
  • Attributes
    • auth_value: 21cdc21d041667b9c1679f88a1146770

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence
    • Modify Existing Service, T1031 (1)
    • Registry Run Keys / Startup Folder, T1060 (1)
  • Defense Evasion
    • Modify Registry, T1112 (3)
    • Disabling Security Tools, T1089 (2)

Tasks