Overview

overview

10

Static

static

3

06f847e002...f2.exe

windows7-x64

10

06f847e002...f2.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    06f847e002fad66523d7345a0ac502f2.exe

  • Size

    583KB

  • Sample

    230606-cp5qvacc5s

  • MD5

    06f847e002fad66523d7345a0ac502f2

  • SHA1

    b368ae5520633b422dc622fd54e66411e2b1b1db

  • SHA256

    23fc1064282732199ad662b196d1bf0ea0041570247c4958b81e8d87978b7ca9

  • SHA512

    9e7848b4bafcb49584e2ad0ebcd28f13eca79829e263112d3dce98b2ca7e6bd5cccbe5f2839a8c5e10f3ea2d2799c0934866c7eae153134d5689f01dd3effe7d

  • SSDEEP

    12288:zMroy90oBdmyc91ZSZWbZ5Uw9dBXhxWs1j4TsLF+XbAN7zBm:DyPBI4Wt5d9dBXL+TqgqvY

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      06f847e002fad66523d7345a0ac502f2.exe

    • Size

      583KB

    • MD5

      06f847e002fad66523d7345a0ac502f2

    • SHA1

      b368ae5520633b422dc622fd54e66411e2b1b1db

    • SHA256

      23fc1064282732199ad662b196d1bf0ea0041570247c4958b81e8d87978b7ca9

    • SHA512

      9e7848b4bafcb49584e2ad0ebcd28f13eca79829e263112d3dce98b2ca7e6bd5cccbe5f2839a8c5e10f3ea2d2799c0934866c7eae153134d5689f01dd3effe7d

    • SSDEEP

      12288:zMroy90oBdmyc91ZSZWbZ5Uw9dBXhxWs1j4TsLF+XbAN7zBm:DyPBI4Wt5d9dBXL+TqgqvY

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks