Overview

overview

10

Static

static

3

client187.exe

windows7-x64

10

client187.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    client187.exe

  • Size

    1021KB

  • Sample

    230522-mt5lrafg94

  • MD5

    5edb8d6e6ead673d1013a6fc178d9a5e

  • SHA1

    dcc12eb0d301f597a2090846ea3d97a5ff8ef493

  • SHA256

    6657767cf9fadb348debcf43f759f69be71896546fa04bd4334c8d744dbe0c57

  • SHA512

    b335b930f9e90b9de117e8f807300d02450b768b1fc0d84c0ad167375ac640dec63eb26a084d359c275b43410da43a8ef9ff31af0e489c9bb31f4d7206731b6c

  • SSDEEP

    24576:pyFT7WwUN2n9qmG+5jPToQMV0Fyx9TckXyreN7Buz1:cF/WwU49qmN5jDMV0FytckCreN7

Score
10/10
redlineluzaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

luza

C2

185.161.248.37:4138

Attributes
  • auth_value

    1261701914d508e02e8b4f25d38bc7f9

Targets

    • Target

      client187.exe

    • Size

      1021KB

    • MD5

      5edb8d6e6ead673d1013a6fc178d9a5e

    • SHA1

      dcc12eb0d301f597a2090846ea3d97a5ff8ef493

    • SHA256

      6657767cf9fadb348debcf43f759f69be71896546fa04bd4334c8d744dbe0c57

    • SHA512

      b335b930f9e90b9de117e8f807300d02450b768b1fc0d84c0ad167375ac640dec63eb26a084d359c275b43410da43a8ef9ff31af0e489c9bb31f4d7206731b6c

    • SSDEEP

      24576:pyFT7WwUN2n9qmG+5jPToQMV0Fyx9TckXyreN7Buz1:cF/WwU49qmN5jDMV0FytckCreN7

    Score
    10/10
    redlineluzaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks