Overview

overview

10

Static

static

3

JC_069be68...6c.exe

windows7-x64

10

JC_069be68...6c.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    JC_069be689f7d34d8e49bf5986a9af4f9d599f1076370daacb57a2d647611bc96c

  • Size

    938KB

  • Sample

    230903-la1ysagg71

  • MD5

    70c506ef747307b55f2fa68cf64e0088

  • SHA1

    d57e84d72fe1ae891cc0c284fa5a70bd875af1b2

  • SHA256

    069be689f7d34d8e49bf5986a9af4f9d599f1076370daacb57a2d647611bc96c

  • SHA512

    17b8d2ebdbfea963c180587f297d6c69f36395ae7588fb5018fd922b08f2ab1e1ba304ab68735aff182b7d5a4dbead7f261a1826fbd67b4bab49fde0fabb7b0d

  • SSDEEP

    24576:uyLh7LcTiiJswoblZ2wJCIluY/TlQ+HQD1Q:9Lhzi2wopdCIluopq

Score
10/10
redlinenarikevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

narik

C2

77.91.124.82:19071

Attributes
  • auth_value

    07924f5ef90576eb64faea857b8ba3e5

Targets

    • Target

      JC_069be689f7d34d8e49bf5986a9af4f9d599f1076370daacb57a2d647611bc96c

    • Size

      938KB

    • MD5

      70c506ef747307b55f2fa68cf64e0088

    • SHA1

      d57e84d72fe1ae891cc0c284fa5a70bd875af1b2

    • SHA256

      069be689f7d34d8e49bf5986a9af4f9d599f1076370daacb57a2d647611bc96c

    • SHA512

      17b8d2ebdbfea963c180587f297d6c69f36395ae7588fb5018fd922b08f2ab1e1ba304ab68735aff182b7d5a4dbead7f261a1826fbd67b4bab49fde0fabb7b0d

    • SSDEEP

      24576:uyLh7LcTiiJswoblZ2wJCIluY/TlQ+HQD1Q:9Lhzi2wopdCIluopq

    Score
    10/10
    redlinenarikevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks