Overview

overview

10

Static

static

3

b2ef6152c2...a7.exe

windows7-x64

10

b2ef6152c2...a7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7008a6317fd9009852f4bf6267131b4d.bin

  • Size

    742KB

  • Sample

    230605-nmbwjagg4t

  • MD5

    6013e6c1f95a122f241a9281743077a2

  • SHA1

    b3500dfdb7b30a1d308bdbc154a80539ac5ebc41

  • SHA256

    544d8874ed1e19469aa9809860116fe715355dbdeb88693566efc992868a1f37

  • SHA512

    494dcdf51c72baabf7d432d3ad7040a1237365f170bdedf76211149f82391dcdcd587472dd82ac13966c6e2be6c320d5a1897f83cabb26c7e058728d8c8e8049

  • SSDEEP

    12288:YwAiAJOIpLTS0QKWzPh/sSwqjj5YXc0V/eD322uhs6p/M8yEIEAmL0thM1W2ws8m:7AJOIpvS0Q/h/Brje9/C22r6JAE0thYp

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19046

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      b2ef6152c28d194375f2a5398ff7f2f9141b854a4e71f5e27ed7793bccb705a7.exe

    • Size

      786KB

    • MD5

      7008a6317fd9009852f4bf6267131b4d

    • SHA1

      51d6f93d427c93e57648d156f73eedb07d971de2

    • SHA256

      b2ef6152c28d194375f2a5398ff7f2f9141b854a4e71f5e27ed7793bccb705a7

    • SHA512

      35a39d0fffb1b3ed957c6bc1b2095c2c4c9c340baa6565c952f78c2600654316dadf3094cf24fbdeb5269828fb72c160353bb94abb3f2fd2bd840f3410b7e900

    • SSDEEP

      24576:PyJ82wFqgfDwsjiN8w2tnXIlwv/WHFjS:aCZ7Z/Ylw2H1

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Disabling Security Tools

1
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks