redline | 96bc6c7dc47b59769487d39579e01aa385e061ac4cfdaac638c9245585b2f42c | Triage

Sharing

General

Target

96bc6c7dc47b59769487d39579e01aa385e061ac4cfdaac638c9245585b2f42c
Size

581KB
Sample

230605-ft8j3seh83
MD5

8278660129a88ab6f356bb51086996fd
SHA1

b1a52136e641a9802851b30565920b44625f16e1
SHA256

96bc6c7dc47b59769487d39579e01aa385e061ac4cfdaac638c9245585b2f42c
SHA512

cff0a46d7b5d05b9355e92e8da8397916d8e1037d0a2e89b426d6d095643fb69ed05dec8f812e0f439af9a0ee00f26b7cfb2d8a17bfbde52168b9ff978c95fc0
SSDEEP

12288:kMrby9079Yb5sioEti5qbxshroQfw+xc/gTNc4UY+edgb6:ny89YyzEti5qbuffw+G/gTaFYh06

Score

10^/10

redline maxi evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19046

Attributes

auth_value
6a3f22e5f4209b056a3fd330dc71956a

Targets

- Target
  
  96bc6c7dc47b59769487d39579e01aa385e061ac4cfdaac638c9245585b2f42c
- Size
  
  581KB
- MD5
  
  8278660129a88ab6f356bb51086996fd
- SHA1
  
  b1a52136e641a9802851b30565920b44625f16e1
- SHA256
  
  96bc6c7dc47b59769487d39579e01aa385e061ac4cfdaac638c9245585b2f42c
- SHA512
  
  cff0a46d7b5d05b9355e92e8da8397916d8e1037d0a2e89b426d6d095643fb69ed05dec8f812e0f439af9a0ee00f26b7cfb2d8a17bfbde52168b9ff978c95fc0
- SSDEEP
  
  12288:kMrby9079Yb5sioEti5qbxshroQfw+xc/gTNc4UY+edgb6:ny89YyzEti5qbuffw+G/gTaFYh06
Score

10^/10

redline maxi evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemaxievasioninfostealerpersistencetrojan