redline | 3bdfed68830ad4d8992d3a81c78af933f2909f34aad8b7818d856cb1adf7181c | Triage

Sharing

General

Target

3bdfed68830ad4d8992d3a81c78af933f2909f34aad8b7818d856cb1adf7181c
Size

1.0MB
Sample

230521-3krarsch75
MD5

a9f148dd491fe7c9e00c534edbe46af1
SHA1

728fa3400720141a5b99aa32f0c2eb48e4170bc5
SHA256

3bdfed68830ad4d8992d3a81c78af933f2909f34aad8b7818d856cb1adf7181c
SHA512

469492c4da9fbf508ce8f1745425cdbe43dbc0fa7b1c33ae4fa1c2103c04189247dbce24931c509e5810ea98593bba1641566dc9ac7570e6f8b17c6686a50815
SSDEEP

24576:KykSmY1w3fNWdqKLouh7Qb7cT+DwmzRewJorTT65xn7w:RTwYdqQh7qIUJmTTkx7

Score

10^/10

redline mixa evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes

auth_value
9d14534b25ac495ab25b59800acf3bb2

Targets

- Target
  
  3bdfed68830ad4d8992d3a81c78af933f2909f34aad8b7818d856cb1adf7181c
- Size
  
  1.0MB
- MD5
  
  a9f148dd491fe7c9e00c534edbe46af1
- SHA1
  
  728fa3400720141a5b99aa32f0c2eb48e4170bc5
- SHA256
  
  3bdfed68830ad4d8992d3a81c78af933f2909f34aad8b7818d856cb1adf7181c
- SHA512
  
  469492c4da9fbf508ce8f1745425cdbe43dbc0fa7b1c33ae4fa1c2103c04189247dbce24931c509e5810ea98593bba1641566dc9ac7570e6f8b17c6686a50815
- SSDEEP
  
  24576:KykSmY1w3fNWdqKLouh7Qb7cT+DwmzRewJorTT65xn7w:RTwYdqQh7qIUJmTTkx7
Score

10^/10

redline mixa evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemixaevasioninfostealerpersistencetrojan