redline | e486ce42efdf98b40721cc586ccbfef280a754f96bdf83829da80b979702a7cf | Triage

Sharing

General

Target

e486ce42efdf98b40721cc586ccbfef280a754f96bdf83829da80b979702a7cf
Size

580KB
Sample

230605-c6geksef42
MD5

6b7671326ad4d8cd0b49037cd9bf128c
SHA1

d8ca30dae251c203e8d819a2c1eac09f98e042a1
SHA256

e486ce42efdf98b40721cc586ccbfef280a754f96bdf83829da80b979702a7cf
SHA512

f4808095351dd98303e6f00c00c6b40e2637d9dcb2f2d0c262424bfefe0e8ecf43ca7d5bb233cf9180e38f0a83fda1fdace8d35067cd4c8af86e68a0c253cb4a
SSDEEP

12288:NMrzy90SjA9Cmyaw3QVAO7v6bTvOxkIzAgkVM+xir:eyLsmaEV3PYkV7xS

Score

10^/10

redline maxi evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19046

Attributes

auth_value
6a3f22e5f4209b056a3fd330dc71956a

Targets

- Target
  
  e486ce42efdf98b40721cc586ccbfef280a754f96bdf83829da80b979702a7cf
- Size
  
  580KB
- MD5
  
  6b7671326ad4d8cd0b49037cd9bf128c
- SHA1
  
  d8ca30dae251c203e8d819a2c1eac09f98e042a1
- SHA256
  
  e486ce42efdf98b40721cc586ccbfef280a754f96bdf83829da80b979702a7cf
- SHA512
  
  f4808095351dd98303e6f00c00c6b40e2637d9dcb2f2d0c262424bfefe0e8ecf43ca7d5bb233cf9180e38f0a83fda1fdace8d35067cd4c8af86e68a0c253cb4a
- SSDEEP
  
  12288:NMrzy90SjA9Cmyaw3QVAO7v6bTvOxkIzAgkVM+xir:eyLsmaEV3PYkV7xS
Score

10^/10

redline maxi evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemaxievasioninfostealerpersistencetrojan