Overview

overview

10

Static

static

3

06131199.exe

windows7-x64

10

06131199.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06131199.exe

  • Size

    737KB

  • Sample

    230606-s5g8gsed68

  • MD5

    17f919838994bdc7f3587da80fa023e6

  • SHA1

    485183ea796e0667d029b01f3b29e71821c35027

  • SHA256

    d43ddd67e502696504b19a2d8468902b31dc6f614303e7d178808fadf4751f74

  • SHA512

    92923e695f56229ef8b3e7c26e1f1f68c17603ace5217e8464362f94aa2449ca446a3867514124b896b069544e441353b8130a0d87529196f8450a112cc2caf6

  • SSDEEP

    12288:tMrny90eerpVNVjjQt+bbsl3MyfgMFkKjGa3I8ZOVhbSgxlN9G5a:2y6rbjvQUb2FkcdOPxpGI

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      06131199.exe

    • Size

      737KB

    • MD5

      17f919838994bdc7f3587da80fa023e6

    • SHA1

      485183ea796e0667d029b01f3b29e71821c35027

    • SHA256

      d43ddd67e502696504b19a2d8468902b31dc6f614303e7d178808fadf4751f74

    • SHA512

      92923e695f56229ef8b3e7c26e1f1f68c17603ace5217e8464362f94aa2449ca446a3867514124b896b069544e441353b8130a0d87529196f8450a112cc2caf6

    • SSDEEP

      12288:tMrny90eerpVNVjjQt+bbsl3MyfgMFkKjGa3I8ZOVhbSgxlN9G5a:2y6rbjvQUb2FkcdOPxpGI

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks