redline | 703d3e9c7c4570b7c4351f244f5c3aae501a3997975f9345db81b7de49e47f43 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

703d3e9c7c4570b7c4351f244f5c3aae501a3997975f9345db81b7de49e47f43
Size

579KB
Sample

230605-r1yt1ahf8w
MD5

2c64ab25262e4b045c135e5c6383406e
SHA1

c8111ad90d3e2a28f3166f359a22a0a5ea887ac5
SHA256

703d3e9c7c4570b7c4351f244f5c3aae501a3997975f9345db81b7de49e47f43
SHA512

075763e80bdf156633a0b100f48ee5c7cb86b5a9449a69d773eae2ca560d948370af9b5c501abd6dc9795fa756513a3d570e35841d36b417ae96c1caf3c315ec
SSDEEP

12288:DMrRy90ONXOyqC4XPRuDQ48KVdfGvsDG/6teIpf6:Cy01r4ZdOkCGeIpf6

Score

10^/10

redline diza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  703d3e9c7c4570b7c4351f244f5c3aae501a3997975f9345db81b7de49e47f43
- Size
  
  579KB
- MD5
  
  2c64ab25262e4b045c135e5c6383406e
- SHA1
  
  c8111ad90d3e2a28f3166f359a22a0a5ea887ac5
- SHA256
  
  703d3e9c7c4570b7c4351f244f5c3aae501a3997975f9345db81b7de49e47f43
- SHA512
  
  075763e80bdf156633a0b100f48ee5c7cb86b5a9449a69d773eae2ca560d948370af9b5c501abd6dc9795fa756513a3d570e35841d36b417ae96c1caf3c315ec
- SSDEEP
  
  12288:DMrRy90ONXOyqC4XPRuDQ48KVdfGvsDG/6teIpf6:Cy01r4ZdOkCGeIpf6
Score

10^/10

redline diza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizaevasioninfostealerpersistencetrojan