redline | 5c0c8522adeb0b2b5c492e9458b97ef0a2205ce81b7b831010cfe54b2b46db48 | Triage

Resubmissions

05-06-2023 14:45

230605-r414jahb43 6

05-06-2023 14:42

230605-r26k8shb24 10

05-06-2023 14:41

230605-r2q6jshf8y 3

05-06-2023 14:35

230605-rxy1lahf7t 10

Sharing

General

Target

5c0c8522adeb0b2b5c492e9458b97ef0a2205ce81b7b831010cfe54b2b46db48
Size

720KB
Sample

230605-rxy1lahf7t
MD5

89541d318cbcbd02be55b6cf1413e952
SHA1

993b6b723732f26e83475336824ad4a0df0651e0
SHA256

5c0c8522adeb0b2b5c492e9458b97ef0a2205ce81b7b831010cfe54b2b46db48
SHA512

ad9dfbaf1b001f62b2af626e63937421d914aab2a754c1535fc73f63522b2296973ec9cdd0a713a7289333a66dced8765f3bb43103b694d3a43c8b1e23245125
SSDEEP

12288:9MrLy90pnKSGK56I3MbmB4mLCEqh5jgzaGl097e3/HXbQ3QiEqFbMRi:yywnEgCZUcjgzX3Ps3bEIbSi

Score

10^/10

redline maxi evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes

auth_value
6a3f22e5f4209b056a3fd330dc71956a

Targets

- Target
  
  5c0c8522adeb0b2b5c492e9458b97ef0a2205ce81b7b831010cfe54b2b46db48
- Size
  
  720KB
- MD5
  
  89541d318cbcbd02be55b6cf1413e952
- SHA1
  
  993b6b723732f26e83475336824ad4a0df0651e0
- SHA256
  
  5c0c8522adeb0b2b5c492e9458b97ef0a2205ce81b7b831010cfe54b2b46db48
- SHA512
  
  ad9dfbaf1b001f62b2af626e63937421d914aab2a754c1535fc73f63522b2296973ec9cdd0a713a7289333a66dced8765f3bb43103b694d3a43c8b1e23245125
- SSDEEP
  
  12288:9MrLy90pnKSGK56I3MbmB4mLCEqh5jgzaGl097e3/HXbQ3QiEqFbMRi:yywnEgCZUcjgzX3Ps3bEIbSi
Score

10^/10

redline maxi evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemaxievasioninfostealerpersistencetrojan