General

  • Target

    1938941ebd0deee712fe1d12346887e342521e0589d0777e277a7b7636ce1adc

  • Size

    770KB

  • Sample

    241109-fehp4sxhql

  • MD5

    d601f90f88eab3075090a023267585ce

  • SHA1

    c126dc785df1c0cbf13dc93aa90b875a0a392ccc

  • SHA256

    1938941ebd0deee712fe1d12346887e342521e0589d0777e277a7b7636ce1adc

  • SHA512

    25f467b2e820acb0e2a7d6f27985759a22a3ad925489ebd6c5f686450adcaa416ee6a5e5eed13b3b4b69115d3e89b9e79b275dea68f3117a5980ca4bc035ca62

  • SSDEEP

    24576:pykbZIAHMPSpNHlGFZXqQlvZT22lVEsYhUO:c8eAHMQNlGFZXqYvNBy

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      1938941ebd0deee712fe1d12346887e342521e0589d0777e277a7b7636ce1adc

    • Size

      770KB

    • MD5

      d601f90f88eab3075090a023267585ce

    • SHA1

      c126dc785df1c0cbf13dc93aa90b875a0a392ccc

    • SHA256

      1938941ebd0deee712fe1d12346887e342521e0589d0777e277a7b7636ce1adc

    • SHA512

      25f467b2e820acb0e2a7d6f27985759a22a3ad925489ebd6c5f686450adcaa416ee6a5e5eed13b3b4b69115d3e89b9e79b275dea68f3117a5980ca4bc035ca62

    • SSDEEP

      24576:pykbZIAHMPSpNHlGFZXqQlvZT22lVEsYhUO:c8eAHMQNlGFZXqYvNBy

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks