redline | b8f250170f82d9c4bae5b9ded897b56b07dc982ebb5f2ca8c10719476e37bded | Triage

Sharing

General

Target

b8f250170f82d9c4bae5b9ded897b56b07dc982ebb5f2ca8c10719476e37bded
Size

1.0MB
Sample

230520-qnwcnscd97
MD5

7eebfdc90ecf598ae579d07ca76523f6
SHA1

8ed00c43001dbcd163c84f44c11223962abef1a6
SHA256

b8f250170f82d9c4bae5b9ded897b56b07dc982ebb5f2ca8c10719476e37bded
SHA512

1dc6b677fa5447c7318431e2cc7e4373ab34b480855428180391fe8d9a328f00787d1117c288587370510e03b638925e06970534fccb19462c2c84767cabc6cb
SSDEEP

12288:0Mr/y90IOgZk8dILpGZMzRMRw/qrjmSZjxzg7hBqBV5yR7iwVsuK3EoTPiB92hRG:DyqAILphmgq3mSrp8R7ieK3EWUnTJ

Score

10^/10

redline meren evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

meren

C2

77.91.68.253:19065

Attributes

auth_value
a26557b435e44b55fdd4708fbba97d21

Targets

- Target
  
  b8f250170f82d9c4bae5b9ded897b56b07dc982ebb5f2ca8c10719476e37bded
- Size
  
  1.0MB
- MD5
  
  7eebfdc90ecf598ae579d07ca76523f6
- SHA1
  
  8ed00c43001dbcd163c84f44c11223962abef1a6
- SHA256
  
  b8f250170f82d9c4bae5b9ded897b56b07dc982ebb5f2ca8c10719476e37bded
- SHA512
  
  1dc6b677fa5447c7318431e2cc7e4373ab34b480855428180391fe8d9a328f00787d1117c288587370510e03b638925e06970534fccb19462c2c84767cabc6cb
- SSDEEP
  
  12288:0Mr/y90IOgZk8dILpGZMzRMRw/qrjmSZjxzg7hBqBV5yR7iwVsuK3EoTPiB92hRG:DyqAILphmgq3mSrp8R7ieK3EWUnTJ
Score

10^/10

redline meren evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemerenevasioninfostealerpersistencetrojan