Overview

overview

10

Static

static

3

2724243512.exe

windows7-x64

10

2724243512.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2724243512.exe

  • Size

    1.0MB

  • Sample

    230522-msw8zsfg49

  • MD5

    5c22fc6b5fa3fdf465b43aa8b56569d1

  • SHA1

    f32b1e9138e97545a55907120ae15db2f29a3f31

  • SHA256

    8b67e7b1505ef5ab83c8589cbdad0f4b164e7976058e78d31233f4e80c15757d

  • SHA512

    12f61e607d6b0fabd882caa5f523434f5e3b0a045013bf91bfd06c4adcb61b7e228bd9fa85f89e18c226508bdf0c568184a096de667f838400edd35757033805

  • SSDEEP

    24576:oySfIcq3BYX98P+7OVSnxQzX33Siy8JNO:vSfXqR+9827jxu3K8N

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      2724243512.exe

    • Size

      1.0MB

    • MD5

      5c22fc6b5fa3fdf465b43aa8b56569d1

    • SHA1

      f32b1e9138e97545a55907120ae15db2f29a3f31

    • SHA256

      8b67e7b1505ef5ab83c8589cbdad0f4b164e7976058e78d31233f4e80c15757d

    • SHA512

      12f61e607d6b0fabd882caa5f523434f5e3b0a045013bf91bfd06c4adcb61b7e228bd9fa85f89e18c226508bdf0c568184a096de667f838400edd35757033805

    • SSDEEP

      24576:oySfIcq3BYX98P+7OVSnxQzX33Siy8JNO:vSfXqR+9827jxu3K8N

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks