Overview

overview

10

Static

static

3

1dcec781dd...e3.exe

windows7-x64

10

1dcec781dd...e3.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1dcec781dd422ee7b1dd3a51a20443d3b05a1403bd02aed63c1198b7517cd4e3

  • Size

    1.0MB

  • Sample

    230518-q1dndsac5z

  • MD5

    789c11d4c2ec665776bbd1c10dfa1ab0

  • SHA1

    397b03bfc3672e6b1cb1bb30d7d2fbb218406b3b

  • SHA256

    1dcec781dd422ee7b1dd3a51a20443d3b05a1403bd02aed63c1198b7517cd4e3

  • SHA512

    12168ad60363c9032ea2be6fe605f09ee15f00caefd4ab38e6afa458a31d14e8bd40735d2f9d173b9340f0df8262eb2204a85f77602a8e3997b3552352896825

  • SSDEEP

    24576:ayBIjk269GhaSFofLigevdUHEaqG7m8G9Js:hBIDhHof+zYqwY/

Score
10/10
redlinemusorevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

musor

C2

185.161.248.25:4132

Attributes
  • auth_value

    b044e31277d21cb0a56d9461e5e741d5

Targets

    • Target

      1dcec781dd422ee7b1dd3a51a20443d3b05a1403bd02aed63c1198b7517cd4e3

    • Size

      1.0MB

    • MD5

      789c11d4c2ec665776bbd1c10dfa1ab0

    • SHA1

      397b03bfc3672e6b1cb1bb30d7d2fbb218406b3b

    • SHA256

      1dcec781dd422ee7b1dd3a51a20443d3b05a1403bd02aed63c1198b7517cd4e3

    • SHA512

      12168ad60363c9032ea2be6fe605f09ee15f00caefd4ab38e6afa458a31d14e8bd40735d2f9d173b9340f0df8262eb2204a85f77602a8e3997b3552352896825

    • SSDEEP

      24576:ayBIjk269GhaSFofLigevdUHEaqG7m8G9Js:hBIDhHof+zYqwY/

    Score
    10/10
    redlinemusorevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks