redline | bdd10924ef4656d290b7285797ca3931aee97a88e510bdb7d163a1bf1aa83957 | Triage

Sharing

General

Target

bdd10924ef4656d290b7285797ca3931aee97a88e510bdb7d163a1bf1aa83957
Size

722KB
Sample

230607-efjs5ahd2s
MD5

799c10b2f2d20f3b4d6333a77784a6ce
SHA1

b36c77a1779251a5fe7b8ee229a9960bc0cc0463
SHA256

bdd10924ef4656d290b7285797ca3931aee97a88e510bdb7d163a1bf1aa83957
SHA512

b9bd765cf17c9310e7165ca2df8e2423c0b048c46c2bd251a050a5e79d41bc5e06d1dd2629ae663ae35297bdb2052ac758f2d27e8718d1c8ddd185af702b2829
SSDEEP

12288:dMrgy90HdavB8HjuWiZjwp/yfI0AiNu3gggKaQ5Tj/MXDGb/sM+rE9unKL5RGa:dyMWB3BZjM/y7Nu3oKf0zGb/sHrE9uns

Score

10^/10

redline dasa evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

dasa

C2

83.97.73.126:19048

Attributes

auth_value
7eca6ed540c2dcd359aed5b67c4eda07

Targets

- Target
  
  bdd10924ef4656d290b7285797ca3931aee97a88e510bdb7d163a1bf1aa83957
- Size
  
  722KB
- MD5
  
  799c10b2f2d20f3b4d6333a77784a6ce
- SHA1
  
  b36c77a1779251a5fe7b8ee229a9960bc0cc0463
- SHA256
  
  bdd10924ef4656d290b7285797ca3931aee97a88e510bdb7d163a1bf1aa83957
- SHA512
  
  b9bd765cf17c9310e7165ca2df8e2423c0b048c46c2bd251a050a5e79d41bc5e06d1dd2629ae663ae35297bdb2052ac758f2d27e8718d1c8ddd185af702b2829
- SSDEEP
  
  12288:dMrgy90HdavB8HjuWiZjwp/yfI0AiNu3gggKaQ5Tj/MXDGb/sM+rE9unKL5RGa:dyMWB3BZjM/y7Nu3oKf0zGb/sHrE9uns
Score

10^/10

redline dasa evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedasaevasioninfostealerpersistencetrojan