Overview

overview

10

Static

static

3

26324.exe

windows7-x64

10

26324.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    26324.exe

  • Size

    1021KB

  • Sample

    230519-hxa44aff57

  • MD5

    a859f4dee650c30cff5e9a766504aa56

  • SHA1

    4e78ea9e0caa2c1b657966365ac192f577a36d6d

  • SHA256

    23fbeba39612eab2ed7f8eb1416dc741f306a13a5f91bf524e36bccede09f861

  • SHA512

    3c1559589964512a2e78a8ebe768f2f04b5697a1832bfad1c5f5416283464b69466c5cc522de57552f62d763222cb60e3b3e5e46be749d94e168a10ba26c032f

  • SSDEEP

    24576:KyJm+l+jEJheeVr88Rp8gkfNiQeVYgc2Kau9RjWu:RJmI+eheSAupW0XG2m9Ri

Score
10/10
redlinelaxakevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

laxak

C2

77.91.68.253:41783

Attributes
  • auth_value

    9f2cf0f93f412b5c2e152400023c0fc3

Targets

    • Target

      26324.exe

    • Size

      1021KB

    • MD5

      a859f4dee650c30cff5e9a766504aa56

    • SHA1

      4e78ea9e0caa2c1b657966365ac192f577a36d6d

    • SHA256

      23fbeba39612eab2ed7f8eb1416dc741f306a13a5f91bf524e36bccede09f861

    • SHA512

      3c1559589964512a2e78a8ebe768f2f04b5697a1832bfad1c5f5416283464b69466c5cc522de57552f62d763222cb60e3b3e5e46be749d94e168a10ba26c032f

    • SSDEEP

      24576:KyJm+l+jEJheeVr88Rp8gkfNiQeVYgc2Kau9RjWu:RJmI+eheSAupW0XG2m9Ri

    Score
    10/10
    redlinelaxakevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks