General

  • Target

    ed5d368fabba2fa0b39795e4b10060abb769a82b18e9d3cfe1e60cbf2b049433

  • Size

    769KB

  • Sample

    241109-gvq7vszajd

  • MD5

    de69bf212c6b8072e8c35a520e6bd058

  • SHA1

    a44da60a032e14949cf223cb81c6627c38a7861f

  • SHA256

    ed5d368fabba2fa0b39795e4b10060abb769a82b18e9d3cfe1e60cbf2b049433

  • SHA512

    1e6b1ffc7dc7e4737d3b42df6baca0b3279061f32b2c21cfb3a675185957ba6a544583d48cee490af4970c165c118660689e4766c48d0b605041444ca835c245

  • SSDEEP

    12288:IMrSy90T6+uAc/1q23VPUf+rGiHnCwKZQpYHrXQuAUCjvd0Ml7EWVB:6yKc/1qGVsfaPKAiXQuGj10M1XVB

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes

  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks