Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    735KB

  • Sample

    230605-zapgmsbc8s

  • MD5

    1c9179fad34aa4dd246b5ebd3539b7b1

  • SHA1

    04d1a165e2e7dc2f1736223a9cfe1ad7aebacb6a

  • SHA256

    05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976

  • SHA512

    ead9b21f1df264c0fff816a6e11eba1c747cf16bb7dcc65c766f203a848e31b7e882edfc36bee62f6e22eb0639470bed72022759012204c92fb5919251e60edd

  • SSDEEP

    12288:hMrqy90LcnW2YHevd7sSQ3lcPnQgP7ya7NkVBV20IxE:DyA2YHevd7sSI2f5Pua+I0qE

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      file.exe

    • Size

      735KB

    • MD5

      1c9179fad34aa4dd246b5ebd3539b7b1

    • SHA1

      04d1a165e2e7dc2f1736223a9cfe1ad7aebacb6a

    • SHA256

      05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976

    • SHA512

      ead9b21f1df264c0fff816a6e11eba1c747cf16bb7dcc65c766f203a848e31b7e882edfc36bee62f6e22eb0639470bed72022759012204c92fb5919251e60edd

    • SSDEEP

      12288:hMrqy90LcnW2YHevd7sSQ3lcPnQgP7ya7NkVBV20IxE:DyA2YHevd7sSI2f5Pua+I0qE

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks