General

  • Target: f364508883bc6bda2d0229ca660c6a0e7800002cb788446f67cea61eaf65d626
  • Size: 771KB
  • Sample: 241109-fdnjzaxhla
  • MD5: 4c7b78498ee24b338eeaa207ab6f1928
  • SHA1: 60a5202bca4553fa72bf1cb508f4c7fc7a2dfb79
  • SHA256: f364508883bc6bda2d0229ca660c6a0e7800002cb788446f67cea61eaf65d626
  • SHA512: db19e4ec500acff5e9f228cf3d058df7c76743033cd470c00f2fbaea7c6649af683d0d5402caca37137a0eb938982204eeec70e062b46e48d0521f11281c6b2b
  • SSDEEP: 12288:gMrpy90asiBQTgKWMxX7XRJy+iT1Cyy3x7eKwvq/mQACWglVnTw2aGIvWdFF+:Zy6i0LXRssP/BAYvT1XLc

Malware Config

Extracted

  • Family: redline
  • Botnet: misik
  • C2: 217.196.96.102:4132
  • Attributes
    • auth_value: 9133827666bc8f4b05339316460b08aa

Targets


    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
