General

  • Target

    0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef

  • Size

    1.1MB

  • Sample

    241109-x4xzrstkck

  • MD5

    dccb3cbd0acd5d0cb6ef767b72909390

  • SHA1

    c12bc9eef6728011a45f109c82a33fd3a834c440

  • SHA256

    0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef

  • SHA512

    d35f2aaab54e67ddbb1bb03852761bf7ff19a44a4cd76defe2cffa186a1bfc641f2ee8a4ec324f8cd685b4f2295720c048023b6806780df21a7f3e1a9bf4ca6f

  • SSDEEP

    24576:SyLD3H/o9l/F/9f7otwzeHc3vAqilWbpR9ukV:5LrQTFzDAHcbpru

Malware Config

Extracted

Family

redline

Botnet

miran

C2

185.161.248.75:4132

Attributes

  • auth_value

    f1084732cb99b2cbe314a2a565371e6c

Targets

    • Target

      0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef

    • Size

      1.1MB

    • MD5

      dccb3cbd0acd5d0cb6ef767b72909390

    • SHA1

      c12bc9eef6728011a45f109c82a33fd3a834c440

    • SHA256

      0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef

    • SHA512

      d35f2aaab54e67ddbb1bb03852761bf7ff19a44a4cd76defe2cffa186a1bfc641f2ee8a4ec324f8cd685b4f2295720c048023b6806780df21a7f3e1a9bf4ca6f

    • SSDEEP

      24576:SyLD3H/o9l/F/9f7otwzeHc3vAqilWbpR9ukV:5LrQTFzDAHcbpru

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
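The signature list above names three host behaviours (Defender real-time protection tampering, a Run key for persistence, execution of a dropped EXE) plus one network indicator (the C2 at 185.161.248.75:4132). The script below is an added triage example, not part of the sandbox report or the sandbox's own code: it takes those indicators and runs a small classifier over Sysmon-style events (ID 1 process create, 3 network connect, 13 registry value set). The events are constructed for the example; the report does not list the exact registry paths the sample writes, so the Defender policy key `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection` and the value names checked are an assumption about where that behaviour commonly lands, and the tag names and the `verdict` thresholds are this example's own choices.

```python
"""Match the indicators and behaviours from the RedLine report against
Sysmon-style events.  Added example; events are constructed, not real telemetry."""
import re
from typing import Dict, List, Optional

# Indicators copied from the report.
C2_HOST, C2_PORT = "185.161.248.75", 4132
SAMPLE_SHA256 = "0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef"

# Assumption: Defender real-time protection is usually disabled through this
# policy key; the report only says the settings were modified, not where.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_TAMPER_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableScanOnRealtimeEnable",
}
# Matched as suffixes so both HKLM and per-user HKU\<SID>\Software paths hit.
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)


def _parse_dword(details: Optional[str]) -> Optional[int]:
    """Sysmon renders DWORD registry data as 'DWORD (0x00000001)'."""
    m = re.match(r"DWORD \(0x([0-9a-fA-F]{8})\)", details or "")
    return int(m.group(1), 16) if m else None


def _parse_hashes(hashes: Optional[str]) -> Dict[str, str]:
    """Sysmon 'Hashes' field: 'SHA256=...,MD5=...' -> {'SHA256': '...', ...}."""
    out = {}
    for part in (hashes or "").split(","):
        if "=" in part:
            key, val = part.split("=", 1)
            out[key.strip().upper()] = val.strip().lower()
    return out


def classify(ev: dict) -> List[str]:
    """Return the behaviour tags a single event triggers (may be empty)."""
    tags: List[str] = []
    eid = ev.get("EventID")
    if eid == 13:  # registry value set
        parent, _, name = ev.get("TargetObject", "").rpartition("\\")
        if (parent.lower() == DEFENDER_RTP_KEY.lower()
                and name in DEFENDER_TAMPER_VALUES
                and (_parse_dword(ev.get("Details")) or 0) != 0):
            tags.append("defender_rtp_tamper")  # a write of 0 re-enables, so no tag
        if parent.lower().endswith(RUN_KEY_SUFFIXES):
            tags.append("run_key_persistence")
    elif eid == 3:  # network connect
        if ev.get("DestinationIp") == C2_HOST:
            # Same IP on another port is weaker evidence; keep it distinct.
            tags.append("c2_connect" if ev.get("DestinationPort") == C2_PORT
                        else "c2_ip_other_port")
    elif eid == 1:  # process create
        if _parse_hashes(ev.get("Hashes")).get("SHA256") == SAMPLE_SHA256:
            tags.append("known_sample_hash")
    return tags


def triage(events: List[dict]) -> Dict[str, List[int]]:
    """Map each tag to the indexes of the events that produced it."""
    hits: Dict[str, List[int]] = {}
    for i, ev in enumerate(events):
        for tag in classify(ev):
            hits.setdefault(tag, []).append(i)
    return hits


def verdict(hits: Dict[str, List[int]]) -> str:
    """Example thresholds: C2 contact, or tamper plus persistence, is decisive."""
    if "c2_connect" in hits or ("defender_rtp_tamper" in hits and "run_key_persistence" in hits):
        return "likely-redline"
    return "suspicious" if hits else "clean"


# Constructed events (not from the report): a launch of the sample, the two
# registry writes, the C2 connect, then two benign-looking records.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper() + ",MD5=DCCB3CBD0ACD5D0CB6EF767B72909390"},
    {"EventID": 13, "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"EventID": 3, "DestinationIp": C2_HOST, "DestinationPort": C2_PORT},
    {"EventID": 13, "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},   # setting re-enabled: not tampering
    {"EventID": 3, "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for tag, idx in hits.items():
        print(f"{tag:24s} events {idx}")
    print("verdict:", verdict(hits))
```

Hash comparison is case-folded because Sysmon emits uppercase hex while the report lists lowercase; the zero-valued Defender write in the sample shows why the DWORD is parsed rather than the key path alone being matched.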

MITRE ATT&CK Enterprise v15

Tasks