redline | 20ec4dd93fc260a60db535323e7c81b926d2ac91683cd5830501666f5d355777 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20ec4dd93fc260a60db535323e7c81b926d2ac91683cd5830501666f5d355777
Size

580KB
Sample

230605-rljfrshf3v
MD5

1d1fb051c5028efe4d1079d4a14da1ab
SHA1

5c163d807a126c600eaa571edbaad54ec2bd94d2
SHA256

20ec4dd93fc260a60db535323e7c81b926d2ac91683cd5830501666f5d355777
SHA512

f1d7b65581286a8c93612722a8468dc9c257cf42127f79779f3f6a0797f6c86eed3f2b7f6687088c22deeeb3c52e3a0cfced459a9855022e95cdca691723a990
SSDEEP

12288:RMrCy900N6UvXxzCOQj+9hsQF7TgMFzKI774K//2KVA:Dyj6CpCOr9/9TgMF2I7ten

Score

10^/10

redline diza evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  20ec4dd93fc260a60db535323e7c81b926d2ac91683cd5830501666f5d355777
- Size
  
  580KB
- MD5
  
  1d1fb051c5028efe4d1079d4a14da1ab
- SHA1
  
  5c163d807a126c600eaa571edbaad54ec2bd94d2
- SHA256
  
  20ec4dd93fc260a60db535323e7c81b926d2ac91683cd5830501666f5d355777
- SHA512
  
  f1d7b65581286a8c93612722a8468dc9c257cf42127f79779f3f6a0797f6c86eed3f2b7f6687088c22deeeb3c52e3a0cfced459a9855022e95cdca691723a990
- SSDEEP
  
  12288:RMrCy900N6UvXxzCOQj+9hsQF7TgMFzKI774K//2KVA:Dyj6CpCOr9/9TgMF2I7ten
Score

10^/10

redline diza evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizaevasioninfostealerpersistencetrojan