redline | b0a121aa7279e3134bdee7c3a1fdb30959c447a8b713e926dcb60aec21894dd9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0a121aa7279e3134bdee7c3a1fdb30959c447a8b713e926dcb60aec21894dd9
Size

767KB
Sample

230525-v1sjrscb4z
MD5

6fa905b7b1b78d02cbd78bd144accf95
SHA1

6a25955461efe51fcc90ead22ff2f46a8829ebf0
SHA256

b0a121aa7279e3134bdee7c3a1fdb30959c447a8b713e926dcb60aec21894dd9
SHA512

6808d604411e6c39fd47139342571b8334d13ae58c63959f14c0fded67dd234f689a2a13d1ee2080536418753d466b33d94d616a0340b1ce6a4422f766cf84c8
SSDEEP

12288:WMr1y90yp9nFNboVRrNOOfdzktyvVTnx1mMeU6+Q+fcavQ2bWNE+QU:7ylFJojrzNlsU6j+U92bdU

Score

10^/10

redline mina evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

mina

C2

83.97.73.122:19062

Attributes

auth_value
3d04bf4b8ba2a11c4dcf9df0e388fa05

Targets

- Target
  
  b0a121aa7279e3134bdee7c3a1fdb30959c447a8b713e926dcb60aec21894dd9
- Size
  
  767KB
- MD5
  
  6fa905b7b1b78d02cbd78bd144accf95
- SHA1
  
  6a25955461efe51fcc90ead22ff2f46a8829ebf0
- SHA256
  
  b0a121aa7279e3134bdee7c3a1fdb30959c447a8b713e926dcb60aec21894dd9
- SHA512
  
  6808d604411e6c39fd47139342571b8334d13ae58c63959f14c0fded67dd234f689a2a13d1ee2080536418753d466b33d94d616a0340b1ce6a4422f766cf84c8
- SSDEEP
  
  12288:WMr1y90yp9nFNboVRrNOOfdzktyvVTnx1mMeU6+Q+fcavQ2bWNE+QU:7ylFJojrzNlsU6j+U92bdU
Score

10^/10

redline mina evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineminaevasioninfostealerpersistencetrojan