Overview

overview

10

Static

static

3

185679c129...be.exe

windows7-x64

10

185679c129...be.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    185679c1298c3016bb3fa5969d6094be.exe

  • Size

    856KB

  • Sample

    230606-s3dsaaeh91

  • MD5

    185679c1298c3016bb3fa5969d6094be

  • SHA1

    223fa5aa925d9a30f03d62110945f00110fa32b7

  • SHA256

    903dc8ab5fda74961759ac38659486b390d8ed0a093519d2ff7b7bd5f45b01ed

  • SHA512

    16f938c11a2a97c144d33d5aa69b89b3ffba6c0b1b6ce032b7e2f41e6de0dc587e6365694c3e8af4489d56c0edc770aa6cd0ec895b5e866817757b237dd5d954

  • SSDEEP

    24576:EyncUtO7A6LbI7xy926PDRTlOog29qmzFHP:TcU8PY7xy9DVlO72MSH

Score
10/10
redlinelupaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a764aa41830c77712442516d143bc9c

Targets

    • Target

      185679c1298c3016bb3fa5969d6094be.exe

    • Size

      856KB

    • MD5

      185679c1298c3016bb3fa5969d6094be

    • SHA1

      223fa5aa925d9a30f03d62110945f00110fa32b7

    • SHA256

      903dc8ab5fda74961759ac38659486b390d8ed0a093519d2ff7b7bd5f45b01ed

    • SHA512

      16f938c11a2a97c144d33d5aa69b89b3ffba6c0b1b6ce032b7e2f41e6de0dc587e6365694c3e8af4489d56c0edc770aa6cd0ec895b5e866817757b237dd5d954

    • SSDEEP

      24576:EyncUtO7A6LbI7xy926PDRTlOog29qmzFHP:TcU8PY7xy9DVlO72MSH

    Score
    10/10
    redlinelupaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks