redline | 95648f13573d1dba7a6f604650f90ef17cb492b53047ed5af5bdb77897b12111 | Triage

Sharing

General

Target

ad77aad43c3e1315f76f837270a022ab.bin
Size

986KB
Sample

230522-b1spzsgb9w
MD5

41ec068c6a40825fa763907b6f92613c
SHA1

7b6c001531c2eeb6c1f2a5a251e66fa944c7910c
SHA256

95648f13573d1dba7a6f604650f90ef17cb492b53047ed5af5bdb77897b12111
SHA512

01f76eec734abd19622a97f6e166b0c47fa0879050739d86f18d6778562b0bbcace63b787abc76fc7c96e493aeec2154413cf974fb883ca692d157e8e1050641
SSDEEP

24576:C3gGlnPgs+j4BXIfPQyLqP7+H3Z81Aabjia+5Td1MHY4MND:C3gGyNj4BTeZ81ly5rMHKD

Score

10^/10

redline diza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  6e1568bbb3eedfc19307327e912cf9ef7c43c65926831c42ddeaa877fffe723b.exe
- Size
  
  1.0MB
- MD5
  
  ad77aad43c3e1315f76f837270a022ab
- SHA1
  
  b61dda4980b44e829551ebd25e034bd77b5152bb
- SHA256
  
  6e1568bbb3eedfc19307327e912cf9ef7c43c65926831c42ddeaa877fffe723b
- SHA512
  
  5f1e2f99cd0b621e1e172b7b27a60ff109e09d8d7e87c9304652af90ec49fb06cfab8edfb38e4513e7c6cd8f223bc5cf3a6d20f969a4296dfde14e5535d931af
- SSDEEP
  
  24576:OyejuH5yjqA5/BTcv7Rh7n/OJ6TmxRNT++PfOvAf:dyuZyjqmmRt46TaNT+8fOv
Score

10^/10

redline diza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizaevasioninfostealerpersistencetrojan

behavioral2

redlinedizaevasioninfostealerpersistencetrojan