redline | 266fb387a48ec60f5e7ae3554a8b505c49858f34b91651167dc59526b5c5468d | Triage

Sharing

General

Target

266fb387a48ec60f5e7ae3554a8b505c49858f34b91651167dc59526b5c5468d
Size

1.1MB
Sample

230514-h6seqsdd41
MD5

fa4e8be86ac07119d6f4add2421f240e
SHA1

372e43313f62ccc145cb18711f411c8eef0220e8
SHA256

266fb387a48ec60f5e7ae3554a8b505c49858f34b91651167dc59526b5c5468d
SHA512

e2fa9e0b250362a784419e7f75997791749e060343e482781f47e597b842b87d62225ac6fe0c6c5e1160e6fcc17dbff1a4f4bacde49a04f3ddfc22f22f112c14
SSDEEP

24576:byyFz5jTTuoR7ac2j+iGPtQB2ZP3Dv423JjZePfW7eboCf:OyVhuop92S3PeUZPTzN17ebo

Score

10^/10

redline luka evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

luka

C2

185.161.248.75:4132

Attributes

auth_value
44560bcd37d6bf076da309730fdb519a

Targets

- Target
  
  266fb387a48ec60f5e7ae3554a8b505c49858f34b91651167dc59526b5c5468d
- Size
  
  1.1MB
- MD5
  
  fa4e8be86ac07119d6f4add2421f240e
- SHA1
  
  372e43313f62ccc145cb18711f411c8eef0220e8
- SHA256
  
  266fb387a48ec60f5e7ae3554a8b505c49858f34b91651167dc59526b5c5468d
- SHA512
  
  e2fa9e0b250362a784419e7f75997791749e060343e482781f47e597b842b87d62225ac6fe0c6c5e1160e6fcc17dbff1a4f4bacde49a04f3ddfc22f22f112c14
- SSDEEP
  
  24576:byyFz5jTTuoR7ac2j+iGPtQB2ZP3Dv423JjZePfW7eboCf:OyVhuop92S3PeUZPTzN17ebo
Score

10^/10

redline luka evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelukaevasioninfostealerpersistencetrojan