redline | f898c0a897ed2c1bd5ab75d619bec853931bee37a8513e3ee295d2efed27942d | Triage

Sharing

General

Target

f898c0a897ed2c1bd5ab75d619bec853931bee37a8513e3ee295d2efed27942d
Size

1.0MB
Sample

230902-qqknysdc2t
MD5

82d11f183aeef193b0f282afa04549ec
SHA1

501c1ae2182753d318e78826b12cf626484dfb6f
SHA256

f898c0a897ed2c1bd5ab75d619bec853931bee37a8513e3ee295d2efed27942d
SHA512

13ae01b573ae52ac18b1e7c1b88377283a58ab587b5a00c212b56f4fa145a7d3abdd7a066d84e0244796a6e7d5946ae17927b008a6f4cf28ad3689a95a988aac
SSDEEP

24576:dyW5PVTLTfBHnOROVe1QGOXs4LXjsjeeI0jNAcbK6it:4APVLfBu9qbLY6qNAoi

Score

10^/10

redline narik evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

narik

C2

77.91.124.82:19071

Attributes

auth_value
07924f5ef90576eb64faea857b8ba3e5

Targets

- Target
  
  f898c0a897ed2c1bd5ab75d619bec853931bee37a8513e3ee295d2efed27942d
- Size
  
  1.0MB
- MD5
  
  82d11f183aeef193b0f282afa04549ec
- SHA1
  
  501c1ae2182753d318e78826b12cf626484dfb6f
- SHA256
  
  f898c0a897ed2c1bd5ab75d619bec853931bee37a8513e3ee295d2efed27942d
- SHA512
  
  13ae01b573ae52ac18b1e7c1b88377283a58ab587b5a00c212b56f4fa145a7d3abdd7a066d84e0244796a6e7d5946ae17927b008a6f4cf28ad3689a95a988aac
- SSDEEP
  
  24576:dyW5PVTLTfBHnOROVe1QGOXs4LXjsjeeI0jNAcbK6it:4APVLfBu9qbLY6qNAoi
Score

10^/10

redline narik evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenarikevasioninfostealerpersistencetrojan