redline | 7da182be8834f7ea58d584fcf8f2197fe1b9b252563a2b4b4715760cfd09564c | Triage

Sharing

General

Target

7da182be8834f7ea58d584fcf8f2197fe1b9b252563a2b4b4715760cfd09564c
Size

581KB
Sample

230605-hl8wzsfc33
MD5

5a53c45658b6c1a88556902d13ca1b72
SHA1

53a3bd8eee01e4a7879ac3c6bbf9c5ec6a5c8e1c
SHA256

7da182be8834f7ea58d584fcf8f2197fe1b9b252563a2b4b4715760cfd09564c
SHA512

4709553eb792bdada897fc9a8b109d002ea4c2242925fba8c18b4bab8595218077028aa730a9450fcbb0cb0426b3b1c675d8a877e8fcafe0e3342d7d13c7ab97
SSDEEP

12288:bMrqy90tsduegttXWpfbvwnV3ZBcYyZz+RZnnpsvH:JyfduegCpjvwnVaB

Score

10^/10

redline diza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  7da182be8834f7ea58d584fcf8f2197fe1b9b252563a2b4b4715760cfd09564c
- Size
  
  581KB
- MD5
  
  5a53c45658b6c1a88556902d13ca1b72
- SHA1
  
  53a3bd8eee01e4a7879ac3c6bbf9c5ec6a5c8e1c
- SHA256
  
  7da182be8834f7ea58d584fcf8f2197fe1b9b252563a2b4b4715760cfd09564c
- SHA512
  
  4709553eb792bdada897fc9a8b109d002ea4c2242925fba8c18b4bab8595218077028aa730a9450fcbb0cb0426b3b1c675d8a877e8fcafe0e3342d7d13c7ab97
- SSDEEP
  
  12288:bMrqy90tsduegttXWpfbvwnV3ZBcYyZz+RZnnpsvH:JyfduegCpjvwnVaB
Score

10^/10

redline diza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizaevasioninfostealerpersistencetrojan