redline | e89afb9d648769916f8b523af396c23e9cf03f1e94439293b6ce794809463bd6 | Triage

Sharing

General

Target

e89afb9d648769916f8b523af396c23e9cf03f1e94439293b6ce794809463bd6
Size

1.1MB
Sample

241109-bv7xqavakq
MD5

3512d01baab3d3da2219ae03e13e7794
SHA1

04e1f7363405d286bcdea5f0425df2bbcb3eefa8
SHA256

e89afb9d648769916f8b523af396c23e9cf03f1e94439293b6ce794809463bd6
SHA512

2f0c1875c6322d2c824f041c71dc4b113705dc57f8e054001c03a52f04d4ca88d85dba52793cf676a0b8c8f82d7ac0f3f71ab26d60f645435d93b2ef78290f30
SSDEEP

24576:QyBtCAfFt6E+SCbzFklFUleKlCmRDaEfifocK3LY:XBRz1CbzFklWlHlXR+7QcuL

Score

10^/10

redline doma discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

auth_value
8be53af7f78567706928d0abef953ef4

Targets

- Target
  
  e89afb9d648769916f8b523af396c23e9cf03f1e94439293b6ce794809463bd6
- Size
  
  1.1MB
- MD5
  
  3512d01baab3d3da2219ae03e13e7794
- SHA1
  
  04e1f7363405d286bcdea5f0425df2bbcb3eefa8
- SHA256
  
  e89afb9d648769916f8b523af396c23e9cf03f1e94439293b6ce794809463bd6
- SHA512
  
  2f0c1875c6322d2c824f041c71dc4b113705dc57f8e054001c03a52f04d4ca88d85dba52793cf676a0b8c8f82d7ac0f3f71ab26d60f645435d93b2ef78290f30
- SSDEEP
  
  24576:QyBtCAfFt6E+SCbzFklFUleKlCmRDaEfifocK3LY:XBRz1CbzFklWlHlXR+7QcuL
Score

10^/10

redline doma discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedomadiscoveryevasioninfostealerpersistencetrojan