redline | 74383a6ef36db7971036f0f0320eb6f5c566786705105cff0dd9d3bbca077d89 | Triage

Sharing

General

Target

74383a6ef36db7971036f0f0320eb6f5c566786705105cff0dd9d3bbca077d89
Size

1.1MB
Sample

241104-rmy8ls1cmh
MD5

68efff99d079df5c20a3aa3803cdfe88
SHA1

e897a1925f8ff50fa4c05fbfbc648d251514ae06
SHA256

74383a6ef36db7971036f0f0320eb6f5c566786705105cff0dd9d3bbca077d89
SHA512

84abf76823062dd6c0b49ff756d5356f89eeb09805799f4e06eec2484db3ffc86d8bcc52375cd115040400ca0c1e69c8a977d0eaa7baad45082e094607b041fb
SSDEEP

24576:syLLiiM3kDbHEFg9mOf/cE0eocIXW3N++HvhOpMuN3:bLuiM3k3HEFg94E08kWw5N

Score

10^/10

redline doma discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  74383a6ef36db7971036f0f0320eb6f5c566786705105cff0dd9d3bbca077d89
- Size
  
  1.1MB
- MD5
  
  68efff99d079df5c20a3aa3803cdfe88
- SHA1
  
  e897a1925f8ff50fa4c05fbfbc648d251514ae06
- SHA256
  
  74383a6ef36db7971036f0f0320eb6f5c566786705105cff0dd9d3bbca077d89
- SHA512
  
  84abf76823062dd6c0b49ff756d5356f89eeb09805799f4e06eec2484db3ffc86d8bcc52375cd115040400ca0c1e69c8a977d0eaa7baad45082e094607b041fb
- SSDEEP
  
  24576:syLLiiM3kDbHEFg9mOf/cE0eocIXW3N++HvhOpMuN3:bLuiM3k3HEFg94E08kWw5N
Score

10^/10

redline doma discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryevasioninfostealerpersistencetrojan