Overview

overview

10

Static

static

3

interface.exe

windows7-x64

10

interface.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    interface.exe

  • Size

    1.0MB

  • Sample

    230520-m7zbwsbh56

  • MD5

    c4b6e83ea8d78470334e4f9e0531f1a8

  • SHA1

    637b937117769c5926cbe7e286d589d156277be4

  • SHA256

    87cc0fa05d3594ad3cf4758db0751482a7ad3f01b528bbb6fad11ffe2c522d4d

  • SHA512

    6d0ca643752c9fe2573196066570fc829c8bb2deb428d65da43ae253f917d8a5af00343d9b5f8834a99228efe560fb71cce38e7d65cb1b00679eb4f1a949bbcf

  • SSDEEP

    24576:cyFrXCNXmIQMwl6mcAW9AX19SeFCGXknj1tSlx8lPIR8A:LlW9c69kZFCGOJowF

Score
10/10
redlinederenevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

deren

C2

77.91.68.253:19065

Attributes
  • auth_value

    04a169f1fb198bfbeca74d0e06ea2d54

Targets

    • Target

      interface.exe

    • Size

      1.0MB

    • MD5

      c4b6e83ea8d78470334e4f9e0531f1a8

    • SHA1

      637b937117769c5926cbe7e286d589d156277be4

    • SHA256

      87cc0fa05d3594ad3cf4758db0751482a7ad3f01b528bbb6fad11ffe2c522d4d

    • SHA512

      6d0ca643752c9fe2573196066570fc829c8bb2deb428d65da43ae253f917d8a5af00343d9b5f8834a99228efe560fb71cce38e7d65cb1b00679eb4f1a949bbcf

    • SSDEEP

      24576:cyFrXCNXmIQMwl6mcAW9AX19SeFCGXknj1tSlx8lPIR8A:LlW9c69kZFCGOJowF

    Score
    10/10
    redlinederenevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks