Overview

overview

10

Static

static

3

c260c59382...ad.exe

windows7-x64

10

c260c59382...ad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffd7656707c92c1f0500fcd0661e9628.bin

  • Size

    742KB

  • Sample

    230605-qgxl6ahd3t

  • MD5

    7448d665cc9e9190527286b25475a1b5

  • SHA1

    a2967b918792dbc1f8b3c465df54804c2bcab17e

  • SHA256

    b01643a74f2e4bcd6eb34cd8d8fd677554fa45651ef8c799b3636c796cea066c

  • SHA512

    a5d0e984fdcff403929c41cf63ac76450a4aa6de03dae48d5717f1a4aed6dfc20051f9adaa7be5d34f6673c85ffc414f9feacfc5e0fe4e5d8fdd6ba6c90920b3

  • SSDEEP

    12288:V91n+HHOE00xFxSnSBrInG6zpjiN1jy9oVpIRzyQjb0d2FOPG24H3:V9UHHb00Xl8Zi+gpIRzyQjod/PjI

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19046

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      c260c59382ec917b9c319749cb900eafbdff592b14e473f181b82fd29b5db9ad.exe

    • Size

      786KB

    • MD5

      ffd7656707c92c1f0500fcd0661e9628

    • SHA1

      05cf2514396955e91545ba8939a46290b108202a

    • SHA256

      c260c59382ec917b9c319749cb900eafbdff592b14e473f181b82fd29b5db9ad

    • SHA512

      41503d126a2f7cc02a8dd33c6579ed8617afd1c3e1d299211451e80d1e5a4fab736250870645d391ef0187d40bfc1632a74ab1022a3fe258f15c112ae453995d

    • SSDEEP

      24576:kyb3HOzuT8hc5gVWarFqlan32T/1wvbW+:zbcu4WFoJnmT/1wC

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Disabling Security Tools

1
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks