redline | 5e11ead653a6275f741830a7cbe6494aca50e094e5ca297bbffaba3b7f9c1929 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e11ead653a6275f741830a7cbe6494aca50e094e5ca297bbffaba3b7f9c1929
Size

735KB
Sample

230616-vj54jaff41
MD5

e171b6677d0d330e74f32f7b99822fd0
SHA1

82c7cc55f31fbfb28d0420121b8dc5dfe98a52ee
SHA256

5e11ead653a6275f741830a7cbe6494aca50e094e5ca297bbffaba3b7f9c1929
SHA512

dfb0fd5e32bd0ab2b507c0231c8dde82958d6da5e624ecc2dd9a7aa1f6de9f868f2822987eb4b08ce9bee4b5bbdce77097cebb701cb8f75c0dab71a871ff14e7
SSDEEP

12288:iMr1y90uTbKKcF0ofOT06GVVxFHZ7KrUVptrKZ9hw3Afjau0FCByt:Xy3fFc6fYlnFYSM99r4yyt

Score

10^/10

redline dedo evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

dedo

C2

83.97.73.130:19061

Attributes

auth_value
ac76f7438fbe49011f900c651cb85e26

Targets

- Target
  
  5e11ead653a6275f741830a7cbe6494aca50e094e5ca297bbffaba3b7f9c1929
- Size
  
  735KB
- MD5
  
  e171b6677d0d330e74f32f7b99822fd0
- SHA1
  
  82c7cc55f31fbfb28d0420121b8dc5dfe98a52ee
- SHA256
  
  5e11ead653a6275f741830a7cbe6494aca50e094e5ca297bbffaba3b7f9c1929
- SHA512
  
  dfb0fd5e32bd0ab2b507c0231c8dde82958d6da5e624ecc2dd9a7aa1f6de9f868f2822987eb4b08ce9bee4b5bbdce77097cebb701cb8f75c0dab71a871ff14e7
- SSDEEP
  
  12288:iMr1y90uTbKKcF0ofOT06GVVxFHZ7KrUVptrKZ9hw3Afjau0FCByt:Xy3fFc6fYlnFYSM99r4yyt
Score

10^/10

redline dedo evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinededoevasioninfostealerpersistencetrojan