Overview

overview

10

Static

static

3

calculator.exe

windows7-x64

10

calculator.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    calculator.exe

  • Size

    1.0MB

  • Sample

    230520-kkac5sea9y

  • MD5

    35af6c2b88a7f3175453e8415734d037

  • SHA1

    37c2a32a32a599379d0d85665124d56670c90ccb

  • SHA256

    6f8b4ce685a70c40ef0fafaae5138cdc7985793dfcd340763556d49474547a60

  • SHA512

    aa3d203bfb3ede854d50d43285fb5c1b7e372e277ca1423a2e2eb3f9db38f39afc52d3ba2a02a9068a6ee9cc7e379b8e5729563c0494dd23af75dc3e10933234

  • SSDEEP

    24576:vyyYjyAnOdvtOKbm4KeIqrhT3u+HaYvh+zM9FlPtefGxmlHw6u:6XjTOdc4KShruihJFlPteYyd

Score
10/10
redlinemerenevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

meren

C2

77.91.68.253:19065

Attributes
  • auth_value

    a26557b435e44b55fdd4708fbba97d21

Targets

    • Target

      calculator.exe

    • Size

      1.0MB

    • MD5

      35af6c2b88a7f3175453e8415734d037

    • SHA1

      37c2a32a32a599379d0d85665124d56670c90ccb

    • SHA256

      6f8b4ce685a70c40ef0fafaae5138cdc7985793dfcd340763556d49474547a60

    • SHA512

      aa3d203bfb3ede854d50d43285fb5c1b7e372e277ca1423a2e2eb3f9db38f39afc52d3ba2a02a9068a6ee9cc7e379b8e5729563c0494dd23af75dc3e10933234

    • SSDEEP

      24576:vyyYjyAnOdvtOKbm4KeIqrhT3u+HaYvh+zM9FlPtefGxmlHw6u:6XjTOdc4KShruihJFlPteYyd

    Score
    10/10
    redlinemerenevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks