redline | c80c62cb36100bae60b9836bfce75dcbf1794dde3448a4159ea03539f7462b29 | Triage

Sharing

General

Target

c80c62cb36100bae60b9836bfce75dcbf1794dde3448a4159ea03539f7462b29
Size

1.1MB
Sample

241104-tbsyka1rd1
MD5

0b90bdd163edb1f46e7cfcf55a53d6f5
SHA1

b52d04d5311e4899dcf0f8e6ad940f4f23f0c440
SHA256

c80c62cb36100bae60b9836bfce75dcbf1794dde3448a4159ea03539f7462b29
SHA512

2106f07c22f0e1f2513146e64b2c12d24522a7fa84b1f6b4c3e8e8d2ecbbee5f885130bbd1391bc9c177186026d70a66be0aadf0013e9f67d000812ae5d952e1
SSDEEP

24576:/yQi3lODYT2UzFkLK73vsht9I7M8B4993/lj5fo63mRjY+:KQqsYT2UzFkezsNI7MzH39Noeqj

Score

10^/10

redline doma discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  c80c62cb36100bae60b9836bfce75dcbf1794dde3448a4159ea03539f7462b29
- Size
  
  1.1MB
- MD5
  
  0b90bdd163edb1f46e7cfcf55a53d6f5
- SHA1
  
  b52d04d5311e4899dcf0f8e6ad940f4f23f0c440
- SHA256
  
  c80c62cb36100bae60b9836bfce75dcbf1794dde3448a4159ea03539f7462b29
- SHA512
  
  2106f07c22f0e1f2513146e64b2c12d24522a7fa84b1f6b4c3e8e8d2ecbbee5f885130bbd1391bc9c177186026d70a66be0aadf0013e9f67d000812ae5d952e1
- SSDEEP
  
  24576:/yQi3lODYT2UzFkLK73vsht9I7M8B4993/lj5fo63mRjY+:KQqsYT2UzFkezsNI7MzH39Noeqj
Score

10^/10

redline doma discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryevasioninfostealerpersistencetrojan