Overview

overview

10

Static

static

3

6514103594...96.exe

windows7-x64

10

6514103594...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    302b0f6d712eba3d1a0b8ebf8dc98aec.bin

  • Size

    695KB

  • Sample

    230608-bk6xnsab99

  • MD5

    2b61636ffdfcc85a18370ccd6a959e3f

  • SHA1

    1031c5e13868fb4379a9fe2d90db08784a9b7ec4

  • SHA256

    0c4062869a261fa4fc259ba7e42469d7cf25aad8ffad180aacd66e681a95e4a0

  • SHA512

    3ced7a58efdfbb98505060a079139b40cf325fbb586440059489253bdd0128f44501ae02db0697098cd6e177ea0f4f5a150f67e9c96f00440ab02136b7e3664f

  • SSDEEP

    12288:ac6KybTQhrd0C25pnTyWbC90OkOZP4rb70HXsE9lh5nfTHLjGU99BUOu2Kz:aPRbMX0C2vTvCaOkOFamXsE9pnjnBjeV

Score
10/10
redlinemaxievasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796.exe

    • Size

      739KB

    • MD5

      302b0f6d712eba3d1a0b8ebf8dc98aec

    • SHA1

      6c564fafa65f2ab0b6bd5ea791cac254ab7cf331

    • SHA256

      65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796

    • SHA512

      4d1e5352ecf82540e3ee2b065bb3ca32b1bac2d5291eeb94a8d896b89369b86b09f68943fde2ca6ac50aac2d629bfd8b74f5565c790d7834f2e53368fff634c6

    • SSDEEP

      12288:IMrWy90kbJ6cC+DS6NYfJBBHjUmHzf7J3NPS/qygFBreKIvBCJW5yoQP:eyNJTDSdPbN3NPGqyyBrkIJIyvP

    Score
    10/10
    redlinemaxievasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks