redline | e7f26e55455a2a83d0b1cf17fa5061b18ca01d19f7f77c485616d1dd799f97ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DiscoSetup472.exe
Size

1.0MB
Sample

230521-xel6zabg26
MD5

3bccb3a4db7f015e9334cf6c4a3dbc6e
SHA1

ea7be21a1e4d2eabc90d48a4cc11068fb9be5598
SHA256

e7f26e55455a2a83d0b1cf17fa5061b18ca01d19f7f77c485616d1dd799f97ed
SHA512

f444dba2a2cd1dfe31ab8ebd4fe0486a5e851a2e29afd81a39b9a7d0b87299706c3d624fbe94250082a66a91236a93d9f97496afc56103c4e335d2b81ac30372
SSDEEP

24576:ky/Hi6rxDh55mgIdqK2XRa7y+oMO1ZNjCZVbuqh670nltJw3l4WR:zPi69DErqK2ha8ZNuzbSoltJw3lJ

Score

10^/10

redline diza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  DiscoSetup472.exe
- Size
  
  1.0MB
- MD5
  
  3bccb3a4db7f015e9334cf6c4a3dbc6e
- SHA1
  
  ea7be21a1e4d2eabc90d48a4cc11068fb9be5598
- SHA256
  
  e7f26e55455a2a83d0b1cf17fa5061b18ca01d19f7f77c485616d1dd799f97ed
- SHA512
  
  f444dba2a2cd1dfe31ab8ebd4fe0486a5e851a2e29afd81a39b9a7d0b87299706c3d624fbe94250082a66a91236a93d9f97496afc56103c4e335d2b81ac30372
- SSDEEP
  
  24576:ky/Hi6rxDh55mgIdqK2XRa7y+oMO1ZNjCZVbuqh670nltJw3l4WR:zPi69DErqK2ha8ZNuzbSoltJw3lJ
Score

10^/10

redline diza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizaevasioninfostealerpersistencetrojan

behavioral2

redlinedizaevasioninfostealerpersistencetrojan