Overview

overview

10

Static

static

3

66234483.exe

windows7-x64

10

66234483.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66234483.exe

  • Size

    1.0MB

  • Sample

    230522-mtg6fsae7w

  • MD5

    2e12885c16dae4e487efb1ca8fbcb2b4

  • SHA1

    6d569df1992a4c54c2416ba23d1b5c02cf0297b9

  • SHA256

    a35e6f8dedc471d6686eda7379cba590dec5fc82cc1ba26ae9ade90871f3088d

  • SHA512

    09670231dd6cb9dabe00fd50f2177d189ffb40322af4a2fb959ccb27416e45d16f63744a938f6e748d520c3c30a3dacc690583543acbc327df9e29d1dac91056

  • SSDEEP

    24576:HyxasenovhxIDB+GGq1KzpCZa1MZPkhmbrpuV0U:SxafnovUDB+GGq6YZa1MZPembM

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      66234483.exe

    • Size

      1.0MB

    • MD5

      2e12885c16dae4e487efb1ca8fbcb2b4

    • SHA1

      6d569df1992a4c54c2416ba23d1b5c02cf0297b9

    • SHA256

      a35e6f8dedc471d6686eda7379cba590dec5fc82cc1ba26ae9ade90871f3088d

    • SHA512

      09670231dd6cb9dabe00fd50f2177d189ffb40322af4a2fb959ccb27416e45d16f63744a938f6e748d520c3c30a3dacc690583543acbc327df9e29d1dac91056

    • SSDEEP

      24576:HyxasenovhxIDB+GGq1KzpCZa1MZPkhmbrpuV0U:SxafnovUDB+GGq6YZa1MZPembM

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks