redline | 6b22786187e242f25a3432440e61dc0b94f31ef6137b0a6ed0c9eacb694cac52 | Triage

Sharing

General

Target

6b22786187e242f25a3432440e61dc0b94f31ef6137b0a6ed0c9eacb694cac52
Size

1.1MB
Sample

241109-3fpw5sxlfq
MD5

957405e615c07450d6ca83e683f4e5f7
SHA1

371440308982995a09dba20a6156ed84e184f495
SHA256

6b22786187e242f25a3432440e61dc0b94f31ef6137b0a6ed0c9eacb694cac52
SHA512

a8264a5428351fbeee65c89768633a6eebd2331b570a35caa04bed8129758b7f0d2b6cb698daa03ecee82d7c4b9117161fe929825920da970cacdb3369aa5b4d
SSDEEP

24576:Ey7bJVhSH+r17B0FkMJ9x1C630Vz5un7cpM9nM30I+Q3Xn34k:TPA2RB0Fkox1t0VJuHq34

Score

10^/10

redline doma discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  6b22786187e242f25a3432440e61dc0b94f31ef6137b0a6ed0c9eacb694cac52
- Size
  
  1.1MB
- MD5
  
  957405e615c07450d6ca83e683f4e5f7
- SHA1
  
  371440308982995a09dba20a6156ed84e184f495
- SHA256
  
  6b22786187e242f25a3432440e61dc0b94f31ef6137b0a6ed0c9eacb694cac52
- SHA512
  
  a8264a5428351fbeee65c89768633a6eebd2331b570a35caa04bed8129758b7f0d2b6cb698daa03ecee82d7c4b9117161fe929825920da970cacdb3369aa5b4d
- SSDEEP
  
  24576:Ey7bJVhSH+r17B0FkMJ9x1C630Vz5un7cpM9nM30I+Q3Xn34k:TPA2RB0Fkox1t0VJuHq34
Score

10^/10

redline doma discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryevasioninfostealerpersistencetrojan