Overview

overview

10

Static

static

3

app210.exe

windows7-x64

10

app210.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    app210.exe

  • Size

    1023KB

  • Sample

    230522-mt1mssfg85

  • MD5

    4354469feb1ce140d484b4a04ddb93a8

  • SHA1

    be6c1b7ff282ff9001bb4c2c7a396242528a3a3e

  • SHA256

    2a0593cc940a171705a470a0babf0309a5c5ca95cb0e7b70028b541d133ccfc0

  • SHA512

    6199e525dc075b3a8c3f9aaa5475c135492b7f6ba2ebcdff8d387910ce2d8a974daff799e4cdeb21116fc89cec59fa71794025ecdfe76d35c66f9c9c783baec6

  • SSDEEP

    24576:syXhq/R8taHIS3q38zya+M5jYOM8DimgI3swis:bRmuaHIS3qQ5jBRBDswi

Score
10/10
redlinemixaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      app210.exe

    • Size

      1023KB

    • MD5

      4354469feb1ce140d484b4a04ddb93a8

    • SHA1

      be6c1b7ff282ff9001bb4c2c7a396242528a3a3e

    • SHA256

      2a0593cc940a171705a470a0babf0309a5c5ca95cb0e7b70028b541d133ccfc0

    • SHA512

      6199e525dc075b3a8c3f9aaa5475c135492b7f6ba2ebcdff8d387910ce2d8a974daff799e4cdeb21116fc89cec59fa71794025ecdfe76d35c66f9c9c783baec6

    • SSDEEP

      24576:syXhq/R8taHIS3q38zya+M5jYOM8DimgI3swis:bRmuaHIS3qQ5jBRBDswi

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks