redline | ae9417fda69d93d2b942c825557d48b3c6143ffbd8a25314cddf6c8f108b7786 | Triage

Sharing

General

Target

ae9417fda69d93d2b942c825557d48b3c6143ffbd8a25314cddf6c8f108b7786
Size

1.0MB
Sample

230522-dmx4nadg75
MD5

5ef2b7e7255c2a969e0adba0f9321969
SHA1

1847b8fb26d08300bb1d755b0a3ea9c0f16b6cd6
SHA256

ae9417fda69d93d2b942c825557d48b3c6143ffbd8a25314cddf6c8f108b7786
SHA512

054d4b1c80b24c3f87057b425c6e5b419cb7448adee94328927c95fec627037aa522a2de88d4e1196dd0e2cc8e814bb700341e9d87f55a89cbf6b789bbcfbf01
SSDEEP

24576:6ypU2HRsKBYX/2dHBBqvJvvvplrZo5AhZAASznfkKvUEI/Z:BXHeKSedhBq5plrZVZAbQb

Score

10^/10

redline mixa evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes

auth_value
9d14534b25ac495ab25b59800acf3bb2

Targets

- Target
  
  ae9417fda69d93d2b942c825557d48b3c6143ffbd8a25314cddf6c8f108b7786
- Size
  
  1.0MB
- MD5
  
  5ef2b7e7255c2a969e0adba0f9321969
- SHA1
  
  1847b8fb26d08300bb1d755b0a3ea9c0f16b6cd6
- SHA256
  
  ae9417fda69d93d2b942c825557d48b3c6143ffbd8a25314cddf6c8f108b7786
- SHA512
  
  054d4b1c80b24c3f87057b425c6e5b419cb7448adee94328927c95fec627037aa522a2de88d4e1196dd0e2cc8e814bb700341e9d87f55a89cbf6b789bbcfbf01
- SSDEEP
  
  24576:6ypU2HRsKBYX/2dHBBqvJvvvplrZo5AhZAASznfkKvUEI/Z:BXHeKSedhBq5plrZVZAbQb
Score

10^/10

redline mixa evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemixaevasioninfostealerpersistencetrojan