General

  • Target

    dd141210b6125dbea5a2cf0a95cdc8d4df8f796867b95320acf2b1aff01b91d3

  • Size

    769KB

  • Sample

    241109-gntdmsyhkq

  • MD5

    41fad724cb26d5d0008cb7f2861fff59

  • SHA1

    2d039f371b2963876ef339f5f126368202e914da

  • SHA256

    dd141210b6125dbea5a2cf0a95cdc8d4df8f796867b95320acf2b1aff01b91d3

  • SHA512

    19638d97fa610ce0cd6212ba4ca26c98dd1093f30de474ae3f63ce62783d79c369b9a5c528e20f5aff936d97965f89be887a5955b970590edbdd7a515eb52407

  • SSDEEP

    12288:+Mrhy90Cg2+RJ98BtAs/Y2frKBOIua3cJE5AzUjSXm2aWLvvbK:vyOwes/3Iua3ZabyWLvzK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    debro

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application