General

  • Target

    5c2b2bc993b23e09493c737ca37a70f9cb5ffac5bceb6f5c04766eb569d4a7b5

  • Size

    772KB

  • Sample

    241109-fddd1axhnl

  • MD5

    33247f9be20dab980780cac6b359d369

  • SHA1

    76290e3c798468445f6cf1f55c5c3f56025d4c3a

  • SHA256

    5c2b2bc993b23e09493c737ca37a70f9cb5ffac5bceb6f5c04766eb569d4a7b5

  • SHA512

    4aa5aa324c4550d395d6874baff7d7697e7594cbdf21394df0196e679207bd40a0a68434a6f28b993ca6134f0829ff556c994f3294351cb6f6db10dadc825906

  • SSDEEP

    24576:6yIH4yuVkSUJbjBKLp2BRvAavCuTpE5jt:By49VkS6bjksvCu+5

Malware Config

Extracted

Family

redline

Botnet

dubur

C2

217.196.96.102:4132

Attributes
  • auth_value

    32d04179aa1e8d655d2d80c21f99de41

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
