redline | 97217a5450afdd09ee0db78400387d9eb7f156f54fed2f11e70acdf8d5f31a53 | Triage

Sharing

General

Target

97217a5450afdd09ee0db78400387d9eb7f156f54fed2f11e70acdf8d5f31a53
Size

1.1MB
Sample

230514-cepxmsac99
MD5

52011915594ab84d34be1739365728fa
SHA1

f9b7ac6bb1bccd282dbb5366c6770318e7bb5669
SHA256

97217a5450afdd09ee0db78400387d9eb7f156f54fed2f11e70acdf8d5f31a53
SHA512

5061dbee8887ec073c1dc17338206b4c26d79088ad50f4535c6174ea7d50d706fa825415e71c09bb4d1c90cd2e7e93bec4aee0fe1f1fd877d09602426b6f3f95
SSDEEP

24576:xygQGYQMBNzJXXbUe03yv3abn+3DNQN21yj1fhaMcqAUCb:kgRr4gJ3yQyNQN21Cf

Score

10^/10

redline luka evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

luka

C2

185.161.248.75:4132

Attributes

auth_value
44560bcd37d6bf076da309730fdb519a

Targets

- Target
  
  97217a5450afdd09ee0db78400387d9eb7f156f54fed2f11e70acdf8d5f31a53
- Size
  
  1.1MB
- MD5
  
  52011915594ab84d34be1739365728fa
- SHA1
  
  f9b7ac6bb1bccd282dbb5366c6770318e7bb5669
- SHA256
  
  97217a5450afdd09ee0db78400387d9eb7f156f54fed2f11e70acdf8d5f31a53
- SHA512
  
  5061dbee8887ec073c1dc17338206b4c26d79088ad50f4535c6174ea7d50d706fa825415e71c09bb4d1c90cd2e7e93bec4aee0fe1f1fd877d09602426b6f3f95
- SSDEEP
  
  24576:xygQGYQMBNzJXXbUe03yv3abn+3DNQN21yj1fhaMcqAUCb:kgRr4gJ3yQyNQN21Cf
Score

10^/10

redline luka evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelukaevasioninfostealerpersistencetrojan