redline | e49f3e10d04def90bcd4bb4dc2106cf2161b13c5bb0073866ed2c8ef14dda1af | Triage

Sharing

General

Target

3eb41edab78db1b73fe65e768c0936c1.bin
Size

977KB
Sample

230523-bm6ppaeb3x
MD5

7873469010b81090ac4a8947d8a09306
SHA1

a6b319b3677202a8ae1e83fb7d832025512b0ec0
SHA256

e49f3e10d04def90bcd4bb4dc2106cf2161b13c5bb0073866ed2c8ef14dda1af
SHA512

4ee3e82ed040108f8a5c6b1d68f9bc1528bf4f2929447a4d09a424b0a889ad63617099d06ea311ae5cd2b740a34039c50c2fca0d00470657dd065a261b0dcb45
SSDEEP

24576:wwg8lUjTf/FR4sLHEl8gw3nZdAOwvQ7rjn5aFIVp:FlUHf/aegwXvAOgQ7/5a2j

Score

10^/10

redline luza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

luza

C2

185.161.248.37:4138

Attributes

auth_value
1261701914d508e02e8b4f25d38bc7f9

Targets

- Target
  
  eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333.exe
- Size
  
  1021KB
- MD5
  
  3eb41edab78db1b73fe65e768c0936c1
- SHA1
  
  9e623ff0f9a010baf6ec0a845f610d366cd33155
- SHA256
  
  eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333
- SHA512
  
  51fef1595378fcf089d7343887e94b31648101e54fa20860297c3e51a58a05106fa7035b725fc08900fe5a3148cd3b276f1f5286b1c8cd9c2dfca9de9026bd8f
- SSDEEP
  
  24576:Ay9lAduF8o5mmqZwcEEfjg3iuQJALUpU6uE7Hu:H9ofopqScEAg3IJsU9uE7H
Score

10^/10

redline luza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineluzaevasioninfostealerpersistencetrojan

behavioral2

redlineluzaevasioninfostealerpersistencetrojan