General

  • Target

    1464329747969616965cdc7dab631bd1bde38e09d9fb0c55ce2b2dbee5a4420a

  • Size

    1.1MB

  • Sample

    230514-y4wx5sfg3w

  • MD5

    dd5839e7b896ff9e33b78aa2a2ad7bb7

  • SHA1

    3936cfe4d9b24e953bdf52cbc019e599461c58d1

  • SHA256

    1464329747969616965cdc7dab631bd1bde38e09d9fb0c55ce2b2dbee5a4420a

  • SHA512

    b1e37131ca476dfab855287e6bb131a976a250fa2b1fa7bbe7014b94ab343da819e941c750e76603d3fc5cc7ad19decf71c6395e13a9d90cd0982ba2da69e504

  • SSDEEP

    24576:GyjAqGysuaFEDRsFLo975HM1CcHxkaA/Xw4:V83uBQUdJNcHxklX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    linda

  • C2

    185.161.248.75:4132

  • Attributes

    • auth_value

      21cdc21d041667b9c1679f88a1146770

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    • Modify Existing Service (T1031): 1

    • Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    • Modify Registry (T1112): 3

    • Disabling Security Tools (T1089): 2

Tasks