Overview

overview

10

Static

static

3

readme.exe

windows7-x64

10

readme.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    readme.exe

  • Size

    1.0MB

  • Sample

    230520-kmk8eseb4z

  • MD5

    ff84f2f15716187979b19212fe782fcd

  • SHA1

    a13b7c5869fc3741f587317edbddd58be3ac5943

  • SHA256

    d4fd15af231d1d2df591c79f1ad48b2c4bf59a4b267d4b17f0c1b7cb646a63ed

  • SHA512

    cf9dd90c5875ef37084d018adca2e71d7746d4d5bdf29407772bd43d632a9624c328cc108f7dc46eba1760d0bc1fcdd725f29078d70d6e5d61398ff2fae04639

  • SSDEEP

    24576:LybQdq1xSOfD6Ym0yOSoAQLXmA7UDTLLdZ:+bQXOfDWKSo3XmA7MTf

Score
10/10
redlinemerenevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

meren

C2

77.91.68.253:19065

Attributes
  • auth_value

    a26557b435e44b55fdd4708fbba97d21

Targets

    • Target

      readme.exe

    • Size

      1.0MB

    • MD5

      ff84f2f15716187979b19212fe782fcd

    • SHA1

      a13b7c5869fc3741f587317edbddd58be3ac5943

    • SHA256

      d4fd15af231d1d2df591c79f1ad48b2c4bf59a4b267d4b17f0c1b7cb646a63ed

    • SHA512

      cf9dd90c5875ef37084d018adca2e71d7746d4d5bdf29407772bd43d632a9624c328cc108f7dc46eba1760d0bc1fcdd725f29078d70d6e5d61398ff2fae04639

    • SSDEEP

      24576:LybQdq1xSOfD6Ym0yOSoAQLXmA7UDTLLdZ:+bQXOfDWKSo3XmA7MTf

    Score
    10/10
    redlinemerenevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks