General

  • Target

    83e69d2f1054c26576de28402d6dd912.bin

  • Size

    986KB

  • Sample

    230520-btgzxahe84

  • MD5

    a3033de8aa968ef512c1e7e627aeeced

  • SHA1

    8bcda7c7e6f161f7d5ca9d8fd1dcaa8d7c4276d2

  • SHA256

    5098929077a0af292a2da5dbd12e2d3bf758cf085eef8cf0f1f3c3a7e4c23c7b

  • SHA512

    3c96975c7b1f4c4bfde48f36ba0a7e399bcf0edf1c7a2af8f995707de4b81e4a975dd5ec55af99d39f4e7d1c1f9b7ea9d43ff84708b4b3b68aa6781438596fd3

  • SSDEEP

    12288:W8JlkiOx9ko05r603qtPl/JUiAMAoTl5YxhPbvfBkSptVoBz4mkKHWX+WxRWv/Ak:JG9kCrr/JUhoTjSh77o2XWv/yd8V7xDR

Malware Config

Extracted

Family

redline

Botnet

dako

C2

77.91.68.253:41783

Attributes

  • auth_value

    c6bc6a7edb74e0eff37800710e07bee1

Targets

    • Target

      7a19fd275109a98ace8fb30d84180a7a497fd6d0a4b7e3151039bb342cc4b9e9.exe

    • Size

      1.0MB

    • MD5

      83e69d2f1054c26576de28402d6dd912

    • SHA1

      891d6439771606dd94b294ff98e66835e2c9faa7

    • SHA256

      7a19fd275109a98ace8fb30d84180a7a497fd6d0a4b7e3151039bb342cc4b9e9

    • SHA512

      4792d02bafa9ab480d2194d2bc4b749e72edd70b3ecb13c76a77dc040961741b683819a7bfffcc2d04127d09d265b119a5b598020b85ff70cb7f109ae02105fa

    • SSDEEP

      24576:JyczWJC8P9AwgjR4i4lyMT/Gjw78ZI6Kzk:8c6CmCwgjCi49/G6

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
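The extracted config (C2 at 77.91.68.253:41783), the file hashes above, and the two behavioural signatures about registry changes (a Run key for persistence and a change to Windows Defender real-time protection) are the indicators a responder would actually hunt for. The script below is an added example, not part of this sandbox report, that turns them into an offline triage check. It assumes Sysmon-style `key=value` event lines (constructed here for the example; the file path, SID-free HKCU key and value names are made up) and assumes the conventional registry locations for Run-key persistence and the Defender `Real-Time Protection` policy key, since the report names the behaviours but does not print the exact key or value the sample wrote. The hash check covers only the MD5 and SHA256 values the report lists; SSDEEP matching would need the `ssdeep` library and is not attempted.

```python
"""Offline IOC triage for the RedLine sample described in the report.

Added example, not the sandbox's own code. Log lines are CONSTRUCTED;
registry paths are the conventional locations and are assumptions.
"""
import hashlib
import re

# Indicators copied from the report's extracted config and hash tables.
C2_HOST, C2_PORT = "77.91.68.253", 41783
KNOWN_HASHES = {
    "a3033de8aa968ef512c1e7e627aeeced",                                   # MD5, outer .bin
    "5098929077a0af292a2da5dbd12e2d3bf758cf085eef8cf0f1f3c3a7e4c23c7b",   # SHA256, outer .bin
    "83e69d2f1054c26576de28402d6dd912",                                   # MD5, dropped .exe
    "7a19fd275109a98ace8fb30d84180a7a497fd6d0a4b7e3151039bb342cc4b9e9",   # SHA256, dropped .exe
}

# ASSUMED registry locations for the two behaviours the report names.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)

# key=value fields; values may contain spaces, so read lazily up to the next " key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def match_hashes(data: bytes) -> set:
    """Return the subset of KNOWN_HASHES that `data` hashes to (MD5/SHA1/SHA256/SHA512)."""
    digests = {hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}
    return digests & KNOWN_HASHES


def parse(line: str) -> dict:
    """Split one Sysmon-style 'key=value key=value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def classify(line: str) -> list:
    """Return the indicator tags that fire on one event line."""
    f = parse(line)
    tags = []
    if f.get("EventID") == "3":                      # network connection
        if f.get("DestinationIp") == C2_HOST:
            tags.append("redline_c2_host")           # host alone is suspicious
            if f.get("DestinationPort") == str(C2_PORT):
                tags.append("redline_c2_port")       # exact C2 from the config
    elif f.get("EventID") == "13":                   # registry value set
        target = f.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            tags.append("persistence_run_key")
        if DEFENDER_RTP_RE.search(target):
            tags.append("defender_rtp_modified")
    return tags


def triage(lines) -> dict:
    """Map each tag to the 1-based line numbers where it fired."""
    hits = {}
    for n, line in enumerate(lines, 1):
        for tag in classify(line):
            hits.setdefault(tag, []).append(n)
    return hits


# CONSTRUCTED event lines for the demo (paths and value names are invented).
SAMPLE_EXE = "C:\\sample\\7a19fd275109a98ace8fb30d84180a7a497fd6d0a4b7e3151039bb342cc4b9e9.exe"
EVENTS = [
    f"EventID=3 Image={SAMPLE_EXE} DestinationIp=77.91.68.253 DestinationPort=41783",
    f"EventID=3 Image={SAMPLE_EXE} DestinationIp=77.91.68.253 DestinationPort=80",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=192.0.2.10 DestinationPort=443",
    f"EventID=13 Image={SAMPLE_EXE} TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\sample "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\sample.exe",
    f"EventID=13 Image={SAMPLE_EXE} TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
    "Real-Time Protection\\DisableRealtimeMonitoring Details=DWORD (0x00000001)",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine=notepad.exe",
]

if __name__ == "__main__":
    for tag, lines in sorted(triage(EVENTS).items()):
        print(f"{tag}: lines {lines}")
    print("hash hits on a dummy buffer:", match_hashes(b"not the sample"))
```

Run against real Sysmon or EDR exports by feeding `triage()` the event lines; a `redline_c2_host` hit without `redline_c2_port` still deserves a look, since stealer C2 ports are often rotated while the host stays the same. Note that the outer `.bin` in the General section is named after the MD5 of the `.exe` listed under Targets, which is why both MD5s belong in the indicator set.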

MITRE ATT&CK Enterprise v6

Tasks