redline | a153f5b087af53b81d2a4616e7d17b1ccd993b0320093505ef32a8880bd1ddb9 | Triage

Sharing

General

Target

a153f5b087af53b81d2a4616e7d17b1ccd993b0320093505ef32a8880bd1ddb9
Size

945KB
Sample

230821-gtl7hsda5w
MD5

609cb32ef2b55e55395635c9421af3df
SHA1

daca227d27f566113c01fbb9c109d0bf0822411a
SHA256

a153f5b087af53b81d2a4616e7d17b1ccd993b0320093505ef32a8880bd1ddb9
SHA512

c1c922ba295ebcc7a11e5fcbafb1d6edbf2521877bc763585119cd808e6c9990445da5ff8976ede8d86508688f06dee7c07656d9bdd1e26ab4d62d5c84186459
SSDEEP

12288:+Mrgy90QBYVFBtHi/Ev/Yeuiqhc/0lse8BR5AyJ5ku7q2jnKyURrIUjRYwtGrFrO:SyMptHq80lIH5ku7qFyQRGRrRrDVy

Score

10^/10

redline chang evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

chang

C2

77.91.124.73:19071

Attributes

auth_value
92b880db64e691d6bb290d1536ce7688

Targets

- Target
  
  a153f5b087af53b81d2a4616e7d17b1ccd993b0320093505ef32a8880bd1ddb9
- Size
  
  945KB
- MD5
  
  609cb32ef2b55e55395635c9421af3df
- SHA1
  
  daca227d27f566113c01fbb9c109d0bf0822411a
- SHA256
  
  a153f5b087af53b81d2a4616e7d17b1ccd993b0320093505ef32a8880bd1ddb9
- SHA512
  
  c1c922ba295ebcc7a11e5fcbafb1d6edbf2521877bc763585119cd808e6c9990445da5ff8976ede8d86508688f06dee7c07656d9bdd1e26ab4d62d5c84186459
- SSDEEP
  
  12288:+Mrgy90QBYVFBtHi/Ev/Yeuiqhc/0lse8BR5AyJ5ku7q2jnKyURrIUjRYwtGrFrO:SyMptHq80lIH5ku7qFyQRGRrRrDVy
Score

10^/10

redline chang evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinechangevasioninfostealerpersistencetrojan