Overview

overview

10

Static

static

3

CloudCheat...11.exe

windows7-x64

10

CloudCheat...11.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    CloudCheatsSetup611.exe

  • Size

    1.0MB

  • Sample

    230522-mthrzsae8s

  • MD5

    ec17d6ab47c9f62304b5a3344295323f

  • SHA1

    cad1cca91444ce77a7ca6500ba0d3fd7eb5d706d

  • SHA256

    e620a7fe222cfae8267806ee2380227dc3709d3bfb8adec2e09dde30af7dabe1

  • SHA512

    f7a55b44c66fb16d82f3363c5278a84d842d43daeff146864bf54d820ab6a21055e92e9e7dd67b9f8c96e600848c8bb1f8b424d7633da03431305ef245be8a6c

  • SSDEEP

    24576:SyTxIznaNb7hMuC5rP4qQSAy3Swb1lzIgTXUg7OGVCkBdDMN:5TWzaNb7h1C1P4qGng3PTYGQGdD

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      CloudCheatsSetup611.exe

    • Size

      1.0MB

    • MD5

      ec17d6ab47c9f62304b5a3344295323f

    • SHA1

      cad1cca91444ce77a7ca6500ba0d3fd7eb5d706d

    • SHA256

      e620a7fe222cfae8267806ee2380227dc3709d3bfb8adec2e09dde30af7dabe1

    • SHA512

      f7a55b44c66fb16d82f3363c5278a84d842d43daeff146864bf54d820ab6a21055e92e9e7dd67b9f8c96e600848c8bb1f8b424d7633da03431305ef245be8a6c

    • SSDEEP

      24576:SyTxIznaNb7hMuC5rP4qQSAy3Swb1lzIgTXUg7OGVCkBdDMN:5TWzaNb7h1C1P4qGng3PTYGQGdD

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks