redline | 09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1 | Triage

Sharing

General

Target

09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1
Size

823KB
Sample

230821-efkqesaf83
MD5

518f0ed5a5fb0affd243f17820ff9daf
SHA1

713884f771ed469091f0ff492d993c55ac04cac4
SHA256

09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1
SHA512

1ad6ab6dcf99b4aa6bed4c87e76c1bb0cd63efa848c5e1a1ce432a2f07275db137654822ba57328320b5771354e2184c8ad0b8cf37773633353ea7bae83610c0
SSDEEP

12288:dMrHy90GYbFfNluw400uhhOjSjuQNv6tBKJyCZiUOK1oab2KK6gVDAFI90:KyfAQR0R0jypCBmytUZ1B2lrDAFI90

Score

10^/10

redline chang evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

chang

C2

77.91.124.73:19071

Attributes

auth_value
92b880db64e691d6bb290d1536ce7688

Targets

- Target
  
  09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1
- Size
  
  823KB
- MD5
  
  518f0ed5a5fb0affd243f17820ff9daf
- SHA1
  
  713884f771ed469091f0ff492d993c55ac04cac4
- SHA256
  
  09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1
- SHA512
  
  1ad6ab6dcf99b4aa6bed4c87e76c1bb0cd63efa848c5e1a1ce432a2f07275db137654822ba57328320b5771354e2184c8ad0b8cf37773633353ea7bae83610c0
- SSDEEP
  
  12288:dMrHy90GYbFfNluw400uhhOjSjuQNv6tBKJyCZiUOK1oab2KK6gVDAFI90:KyfAQR0R0jypCBmytUZ1B2lrDAFI90
Score

10^/10

redline chang evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinechangevasioninfostealerpersistencetrojan