redline | c684018016367a24fe63a623162ffb4df1eecac395978eedc7a0ccbf0f4b7143 | Triage

Sharing

General

Target

c684018016367a24fe63a623162ffb4df1eecac395978eedc7a0ccbf0f4b7143
Size

580KB
Sample

230605-djzhbafb7z
MD5

66d3764351fa6b48e09f0b2733df0629
SHA1

08055f225174c6864c2b2374a503c955c3c1bb72
SHA256

c684018016367a24fe63a623162ffb4df1eecac395978eedc7a0ccbf0f4b7143
SHA512

46fbfe059b014eb2fcd927ec3bd8d87f2d6f80ecab8e7df866c5853a5ab109fbfaa6d6825b7ab26dfefbc1df831434130a6a296526dab63c6132a90337213691
SSDEEP

12288:LMrwy90Bjjvv3nNIYkiVtIme68BQfRbBbY143Eh8:Ty033nCYnIj68BQZbdY43ES

Score

10^/10

redline diza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  c684018016367a24fe63a623162ffb4df1eecac395978eedc7a0ccbf0f4b7143
- Size
  
  580KB
- MD5
  
  66d3764351fa6b48e09f0b2733df0629
- SHA1
  
  08055f225174c6864c2b2374a503c955c3c1bb72
- SHA256
  
  c684018016367a24fe63a623162ffb4df1eecac395978eedc7a0ccbf0f4b7143
- SHA512
  
  46fbfe059b014eb2fcd927ec3bd8d87f2d6f80ecab8e7df866c5853a5ab109fbfaa6d6825b7ab26dfefbc1df831434130a6a296526dab63c6132a90337213691
- SSDEEP
  
  12288:LMrwy90Bjjvv3nNIYkiVtIme68BQfRbBbY143Eh8:Ty033nCYnIj68BQZbdY43ES
Score

10^/10

redline diza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizaevasioninfostealerpersistencetrojan