General

  • Target

    8b9697b1e80c580180870b674c6f2683a0104193f4a6fad9634a3a72a151e6f3

  • Size

    770KB

  • Sample

    241104-rm83tazqax

  • MD5

    9a09344d6fc2bbf57f68463c73c7fc9e

  • SHA1

    8e0903162221e8379beb629bde7801b50d007205

  • SHA256

    8b9697b1e80c580180870b674c6f2683a0104193f4a6fad9634a3a72a151e6f3

  • SHA512

    ffa09a131cde36d1cdafe19c05b535298d357e28c8d0012055495fafa151dc74910e9de8b2d80d355ad1772bb2769452721ba58e923c9a933cec2b6b1a0a049c

  • SSDEEP

    12288:mMrmy90LagPJJllsTGdJ4l0TrIonGfw2UMSWspCxOr4D9QCL1PQK3BtbsG:syfgPPllIGdyKIsqXS9O8T63B2G

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      8b9697b1e80c580180870b674c6f2683a0104193f4a6fad9634a3a72a151e6f3

    • Size

      770KB

    • MD5

      9a09344d6fc2bbf57f68463c73c7fc9e

    • SHA1

      8e0903162221e8379beb629bde7801b50d007205

    • SHA256

      8b9697b1e80c580180870b674c6f2683a0104193f4a6fad9634a3a72a151e6f3

    • SHA512

      ffa09a131cde36d1cdafe19c05b535298d357e28c8d0012055495fafa151dc74910e9de8b2d80d355ad1772bb2769452721ba58e923c9a933cec2b6b1a0a049c

    • SSDEEP

      12288:mMrmy90LagPJJllsTGdJ4l0TrIonGfw2UMSWspCxOr4D9QCL1PQK3BtbsG:syfgPPllIGdyKIsqXS9O8T63B2G

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks