redline | 064daa3f58b4c82c09e90aa7639d135440930e7660ea70b61651cee95f62407d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

064daa3f58b4c82c09e90aa7639d135440930e7660ea70b61651cee95f62407d
Size

1.0MB
Sample

230518-r8g68abf3t
MD5

f8dfbb13f0e20f685672715e839a181c
SHA1

900ca1698ca9dcbb02d8d0da8f6f175bd827b9e9
SHA256

064daa3f58b4c82c09e90aa7639d135440930e7660ea70b61651cee95f62407d
SHA512

bf1d68b9d81fab32fcdfe99fdf8745d1d07a73e885c1bcfbc8484c3478485a0438c0483cbea8cb0192aabb3670a2e36e0bddabcf7247b201e6440ee8fa2365e1
SSDEEP

24576:syWkEchnxssVI8in/NSsDufQamPBT7Ut7QFVjRje5aU:bWZchniHnVSEyGVUtcFVtjqa

Score

10^/10

redline luna evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

luna

C2

77.91.68.253:4138

Attributes

auth_value
16dec8addb01db1c11c59667022ef7a2

Targets

- Target
  
  064daa3f58b4c82c09e90aa7639d135440930e7660ea70b61651cee95f62407d
- Size
  
  1.0MB
- MD5
  
  f8dfbb13f0e20f685672715e839a181c
- SHA1
  
  900ca1698ca9dcbb02d8d0da8f6f175bd827b9e9
- SHA256
  
  064daa3f58b4c82c09e90aa7639d135440930e7660ea70b61651cee95f62407d
- SHA512
  
  bf1d68b9d81fab32fcdfe99fdf8745d1d07a73e885c1bcfbc8484c3478485a0438c0483cbea8cb0192aabb3670a2e36e0bddabcf7247b201e6440ee8fa2365e1
- SSDEEP
  
  24576:syWkEchnxssVI8in/NSsDufQamPBT7Ut7QFVjRje5aU:bWZchniHnVSEyGVUtcFVtjqa
Score

10^/10

redline luna evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelunaevasioninfostealerpersistencetrojan