General

  • Target

    a7554c424dafd07fc48c7d49dd6fb2693116b93c5b5b5d31ffe27a6cd6ad902a

  • Size

    488KB

  • Sample

    241104-rmpdea1cmf

  • MD5

    0d81d2668ab060f1aafd4b0f79485d3c

  • SHA1

    0a30cf65d62f77c5ef4f0b178e0c84aeb483a880

  • SHA256

    a7554c424dafd07fc48c7d49dd6fb2693116b93c5b5b5d31ffe27a6cd6ad902a

  • SHA512

    db7877569031328e69395959b1ef6d3f9faccc549ca71a9496fdc5b86b59a32a79601956e062652d0f5429acca0f6c3f3bd695957ff0410e607526fbfa8115ab

  • SSDEEP

    12288:hMrZy90IeGK/vHMWyGywYVzFsegO+U/WH/ZuCViwUb:MyDcCxVzKBH/ZlUb

Malware Config

Extracted

Family

redline

Botnet

mauga

C2

217.196.96.102:4132

Attributes

  • auth_value

    36f5411cf117f54076fbbb9ea0631fee
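The extracted configuration and the digests above are the indicators a responder would pivot on: the file hashes identify the dropped binary, and 217.196.96.102:4132 is the endpoint the stealer reports to. The following Python is an added example, not part of the sandbox report, that packages those indicators into a small matcher: it hashes arbitrary bytes against the reported MD5/SHA1/SHA256/SHA512 values and scans connection-log lines for the C2 host followed by the C2 port. The log lines and the file bytes are constructed for illustration (the bytes are not the sample), and the log layout (a firewall-style `src -> dst:port` line and a tab-separated Zeek-style line) is an assumption about what a real deployment would feed it. The SSDEEP value is not compared here because fuzzy hashing needs the separate ssdeep library.

```python
"""IOC matcher built from the indicators in this report (example code, not part
of the sandbox report). Exact digests come from the report; the sample data at
the bottom is constructed."""
import hashlib
import re

# File digests exactly as reported for the 488KB sample.
REPORTED_HASHES = {
    "md5": "0d81d2668ab060f1aafd4b0f79485d3c",
    "sha1": "0a30cf65d62f77c5ef4f0b178e0c84aeb483a880",
    "sha256": "a7554c424dafd07fc48c7d49dd6fb2693116b93c5b5b5d31ffe27a6cd6ad902a",
    "sha512": "db7877569031328e69395959b1ef6d3f9faccc549ca71a9496fdc5b86b59a32a"
              "79601956e062652d0f5429acca0f6c3f3bd695957ff0410e607526fbfa8115ab",
}

# C2 endpoint from the extracted RedLine config.
C2_HOST = "217.196.96.102"
C2_PORT = 4132


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_reported_sample(data: bytes) -> list:
    """Return the names of the digests that equal the reported ones.

    An empty list means the bytes are not this sample. Any single match is
    already decisive; all four are returned so a partial match (which would
    indicate a transcription error in the report) is visible."""
    computed = hash_bytes(data)
    return [alg for alg, digest in computed.items()
            if digest == REPORTED_HASHES[alg].lower()]


# The host must appear as a whole IPv4 token: "217.196.96.1" or
# "1217.196.96.102" must not match.
_C2_HOST_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])")
# Immediately after the host, the C2 port must follow as a whole number,
# separated by ":" (host:port notation) or whitespace (tabular logs).
_C2_PORT_AFTER_HOST_RE = re.compile(rf"[:\s]+{C2_PORT}\b")


def find_c2_connections(log_lines) -> list:
    """Return (1-based line number, line) for lines that contain the C2 host
    followed by the C2 port. Same host on another port, or another host on
    port 4132, is deliberately not reported."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = _C2_HOST_RE.search(line)
        if m and _C2_PORT_AFTER_HOST_RE.match(line, m.end()):
            hits.append((n, line))
    return hits


# Constructed log lines (assumed formats; not from the sandbox run).
SAMPLE_LOG = [
    "2024-11-04T10:12:31Z ALLOW TCP 10.0.0.23:51833 -> 142.250.74.78:443",
    "2024-11-04T10:12:40Z ALLOW TCP 10.0.0.23:51902 -> 217.196.96.102:4132",
    "2024-11-04T10:13:02Z ALLOW TCP 10.0.0.23:51910 -> 217.196.96.1:4132",
    "2024-11-04T10:13:05Z ALLOW TCP 10.0.0.23:51911 -> 217.196.96.102:443",
    "1730715200.123\tCabc123\t10.0.0.23\t51920\t217.196.96.102\t4132\ttcp",
]


if __name__ == "__main__":
    # Constructed stand-in bytes; the real sample is not embedded here.
    print("hash match:", matches_reported_sample(b"not the sample"))
    for n, line in find_c2_connections(SAMPLE_LOG):
        print(f"C2 hit on line {n}: {line}")
```

In practice `matches_reported_sample` would be fed the bytes of files written to disk during the incident window, and `find_c2_connections` the proxy, firewall or Zeek `conn` records for the same period; a hit on the C2 line is sufficient to treat the source host as compromised regardless of whether the binary is recovered.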

Targets

    • Target

      a7554c424dafd07fc48c7d49dd6fb2693116b93c5b5b5d31ffe27a6cd6ad902a

    • Size

      488KB

    • MD5

      0d81d2668ab060f1aafd4b0f79485d3c

    • SHA1

      0a30cf65d62f77c5ef4f0b178e0c84aeb483a880

    • SHA256

      a7554c424dafd07fc48c7d49dd6fb2693116b93c5b5b5d31ffe27a6cd6ad902a

    • SHA512

      db7877569031328e69395959b1ef6d3f9faccc549ca71a9496fdc5b86b59a32a79601956e062652d0f5429acca0f6c3f3bd695957ff0410e607526fbfa8115ab

    • SSDEEP

      12288:hMrZy90IeGK/vHMWyGywYVzFsegO+U/WH/ZuCViwUb:MyDcCxVzKBH/ZlUb

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
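Two of the behaviour signatures above are registry writes: disabling Defender real-time protection and adding a Run key for persistence. The following Python is an added example, not part of the sandbox report, showing the detection logic an endpoint team would run over Sysmon Event ID 13 (RegistryEvent, value set) records to catch exactly those two behaviours. The event records are constructed, the field names follow Sysmon's `TargetObject`/`Details`/`Image` layout, and the list of Defender value names checked is an assumption about which settings count as "real-time protection settings" (the report does not say which value the sample touched). The broader "Windows security modification" signature is not modelled.

```python
"""Detection for the two registry behaviours listed in this report, over
constructed Sysmon Event ID 13-style records. Example code, not part of the
sandbox report."""
import re

# Defender real-time protection values a stealer flips to 1 to blind the AV.
# Assumption: this set is what "real-time protection settings" means here.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}
# Both the policy hive path and the product path are checked.
DEFENDER_RTP_PATH_RE = re.compile(
    r"\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\([^\\]+)$",
    re.IGNORECASE,
)
# Per-user (HKU/HKCU) and machine-wide Run and RunOnce keys.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\([^\\]+)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD values as "DWORD (0x00000001)".
DWORD_ONE_RE = re.compile(r"DWORD \(0x0*1\)", re.IGNORECASE)

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUN_KEY = "Adds Run key to start application"


def classify_registry_event(event: dict) -> list:
    """Return the signature names that fire for one value-set event."""
    if event.get("EventType") != "SetValue":
        return []
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    findings = []

    m = DEFENDER_RTP_PATH_RE.search(target)
    # Only a write of 1 disables protection; resetting to 0 is not flagged.
    if m and m.group(1).lower() in DEFENDER_RTP_VALUES and DWORD_ONE_RE.search(details):
        findings.append(SIG_DEFENDER)

    m = RUN_KEY_RE.search(target)
    if m and details:
        findings.append(SIG_RUN_KEY)
    return findings


def scan_events(events) -> list:
    """Return (Image, signature, TargetObject) for every firing event."""
    out = []
    for ev in events:
        for sig in classify_registry_event(ev):
            out.append((ev.get("Image", ""), sig, ev.get("TargetObject", "")))
    return out


# Constructed records (not from the sandbox run); paths are illustrative.
DROPPED = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Roaming\dropped.exe"},
    {"EventType": "SetValue", "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventType": "DeleteValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OldApp",
     "Details": ""},
]


if __name__ == "__main__":
    for image, sig, target in scan_events(SAMPLE_EVENTS):
        print(f"{sig}\n    process: {image}\n    key: {target}")
```

The two checks are independent, so a Run-key write by an unsigned binary in a user-writable directory is worth an alert on its own; the Defender write is the higher-severity signal, since legitimate software has no reason to set `DisableRealtimeMonitoring` to 1.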

MITRE ATT&CK Enterprise v15

Tasks