General

  • Target

    v5084366.exe

  • Size

    749KB

  • Sample

    230627-c622aach33

  • MD5

    d13cdcc7a3e4b53c6353806332e2a38c

  • SHA1

    3c077fca0e2c0164d0b3e64bf736ff657617eb64

  • SHA256

    4d84a8443fa38a0e67764103a311bf6a6a69683b9686cc4d861a88566d4c4f71

  • SHA512

    5a58fe0028a274999ed288adc9be7a584c1c76c2ef4dc3df6f44e67b9aeb475499135449c1ec9adf4ec2413dc4e6ec6d87ae2134311ccafd0ad75c0c44e8af70

  • SSDEEP

    12288:RMrMy90V4IbzNlS1XPir2vE3tknE7xwgT/L8hjAog2vr+YAbYb:5yg4IvvStqavOknsq6j8yogYr/AM

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.122:19062

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      v5084366.exe

    • Size

      749KB

    • MD5

      d13cdcc7a3e4b53c6353806332e2a38c

    • SHA1

      3c077fca0e2c0164d0b3e64bf736ff657617eb64

    • SHA256

      4d84a8443fa38a0e67764103a311bf6a6a69683b9686cc4d861a88566d4c4f71

    • SHA512

      5a58fe0028a274999ed288adc9be7a584c1c76c2ef4dc3df6f44e67b9aeb475499135449c1ec9adf4ec2413dc4e6ec6d87ae2134311ccafd0ad75c0c44e8af70

    • SSDEEP

      12288:RMrMy90V4IbzNlS1XPir2vE3tknE7xwgT/L8hjAog2vr+YAbYb:5yg4IvvStqavOknsq6j8yogYr/AM

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Tasks