General

  • Target

    b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5

  • Size

    883KB

  • Sample

    241104-rbq3vs1apg

  • MD5

    6315ff5997f40db6e7c02f0e2591c41d

  • SHA1

    82829b5f4b99eb0ef813b80b38b51c57ec58ccc9

  • SHA256

    b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5

  • SHA512

    41c1c5a72f02d5c188d7f66e8f21526805b8f62939b4ba1068814359e3458cdb54e36995a601b5731517f695b063bd90f0cf224afdc672ef27f2c22c448a3250

  • SSDEEP

    12288:nMrPy90TXfzH/hODiZHPJaNkpwao6OUmpXwNjaFd8kYM/N+CQ:MySrhO2HhaswV2aXF8d

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes

  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks