General

  • Target

    8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f

  • Size

    771KB

  • Sample

    241104-rlx9xszpht

  • MD5

    c704b7bd29de0c4c33d849304adb0ae0

  • SHA1

    da6a7b80a3b5e7b4ca349f4d12695959df31e391

  • SHA256

    8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f

  • SHA512

    1d462851dc4ec6081798edd478938bec9158e6cc90eb6e3c78a82960a5fa19b64c2b15cc003b9c138165efd6108a15e6da8012cd97c909a39558f08398e3c082

  • SSDEEP

    12288:gMrpy90asNXTDiw51/etQNxPzi8NEFA//6xJtQauQKJRIdpjECTTIs4Q2STzcpN7:5ySutQN48F/yvtbKcpj6C2STzc/LX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dubur

  • C2

    217.196.96.102:4132

  • Attributes

    auth_value: 32d04179aa1e8d655d2d80c21f99de41

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15