redline | 1d50cbacb80eaef73da70abf3f754674d02f89d92af427c79e03b4fc29b51835 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d50cbacb80eaef73da70abf3f754674d02f89d92af427c79e03b4fc29b51835
Size

856KB
Sample

230606-jx1kesdc2z
MD5

0278485cd55b5d7edaf9932963dfb9f0
SHA1

9f43845456389b63dd4098b654206bfee914d39f
SHA256

1d50cbacb80eaef73da70abf3f754674d02f89d92af427c79e03b4fc29b51835
SHA512

17aaeacb10b3eb2cebf04240a50fb3b31b2893c269f1268df914e80f39b52edf23db7da2f1bd36a1ee6e29dde578b102790209b1b2bd8b833719f58a1b3b4a49
SSDEEP

24576:sy8lwMrF7JFC+YPnKCeppoaLRNDmTkXN7:bHMrF7L5Y/fEoa9VmK

Score

10^/10

redline lupa evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

83.97.73.126:19048

Attributes

auth_value
6a764aa41830c77712442516d143bc9c

Targets

- Target
  
  1d50cbacb80eaef73da70abf3f754674d02f89d92af427c79e03b4fc29b51835
- Size
  
  856KB
- MD5
  
  0278485cd55b5d7edaf9932963dfb9f0
- SHA1
  
  9f43845456389b63dd4098b654206bfee914d39f
- SHA256
  
  1d50cbacb80eaef73da70abf3f754674d02f89d92af427c79e03b4fc29b51835
- SHA512
  
  17aaeacb10b3eb2cebf04240a50fb3b31b2893c269f1268df914e80f39b52edf23db7da2f1bd36a1ee6e29dde578b102790209b1b2bd8b833719f58a1b3b4a49
- SSDEEP
  
  24576:sy8lwMrF7JFC+YPnKCeppoaLRNDmTkXN7:bHMrF7L5Y/fEoa9VmK
Score

10^/10

redline lupa evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelupaevasioninfostealerpersistencetrojan