redline | 01c330edefb4acc90d976f10d2b4fb70598a851d9302f602d1d3ca0142081057 | Triage

Sharing

General

Target

01c330edefb4acc90d976f10d2b4fb70598a851d9302f602d1d3ca0142081057
Size

1.0MB
Sample

230518-qwrdpaah63
MD5

cc71f40498be02922561ffb0c42c158f
SHA1

52f2af9aa5d6c6a92ce82af9ffffccfa38db4943
SHA256

01c330edefb4acc90d976f10d2b4fb70598a851d9302f602d1d3ca0142081057
SHA512

0ed4949d45cdc60bded6d643804d8953e11667c2205296b308e0124001e1878e2eeabccb7a2f81e95f621a6c19ff6558baef30dac3317e8a2e365839cd4c88a4
SSDEEP

24576:4yWvlIkLUusmLmNioKpUkg9+EugAh3CSru5+w5E3S8QxiYeCo23:/ElDLKJNiJRg9+T8558QYt

Score

10^/10

redline musor evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

musor

C2

185.161.248.25:4132

Attributes

auth_value
b044e31277d21cb0a56d9461e5e741d5

Targets

- Target
  
  01c330edefb4acc90d976f10d2b4fb70598a851d9302f602d1d3ca0142081057
- Size
  
  1.0MB
- MD5
  
  cc71f40498be02922561ffb0c42c158f
- SHA1
  
  52f2af9aa5d6c6a92ce82af9ffffccfa38db4943
- SHA256
  
  01c330edefb4acc90d976f10d2b4fb70598a851d9302f602d1d3ca0142081057
- SHA512
  
  0ed4949d45cdc60bded6d643804d8953e11667c2205296b308e0124001e1878e2eeabccb7a2f81e95f621a6c19ff6558baef30dac3317e8a2e365839cd4c88a4
- SSDEEP
  
  24576:4yWvlIkLUusmLmNioKpUkg9+EugAh3CSru5+w5E3S8QxiYeCo23:/ElDLKJNiJRg9+T8558QYt
Score

10^/10

redline musor evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemusorevasioninfostealerpersistencetrojan

behavioral2

redlinemusorevasioninfostealerpersistencetrojan