General

  • Target

    fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f

  • Size

    769KB

  • Sample

    241109-x6ewzazldw

  • MD5

    f9ca2cae8d0dfe2d4bd3ed0929b9570e

  • SHA1

    4ebcbbb81ef49dbcc7d1fa434cee62a01240d194

  • SHA256

    fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f

  • SHA512

    fe6d06cbf0e61f0750e77d6cfeb54c0ca7893e6caf3a27be6727ee1a2152fd8c36f7f4f7b10ffd85b392ed51ae5ba01d1881191f0ecbbcb46ab0406c362315d1

  • SSDEEP

    24576:bypVDbup/v+nuV9ijTPaHo/hlpZnYBvqNsT:OLc/Q2mr55P+

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Target

      fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f

    • Size

      769KB

    • MD5

      f9ca2cae8d0dfe2d4bd3ed0929b9570e

    • SHA1

      4ebcbbb81ef49dbcc7d1fa434cee62a01240d194

    • SHA256

      fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f

    • SHA512

      fe6d06cbf0e61f0750e77d6cfeb54c0ca7893e6caf3a27be6727ee1a2152fd8c36f7f4f7b10ffd85b392ed51ae5ba01d1881191f0ecbbcb46ab0406c362315d1

    • SSDEEP

      24576:bypVDbup/v+nuV9ijTPaHo/hlpZnYBvqNsT:OLc/Q2mr55P+

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
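The signatures above describe behaviour a defender would look for on an endpoint. The following is an added example, not code from the sandbox report or from the RedLine family: a small Python matcher that runs the report's indicators (the sample's SHA256 and MD5, the C2 185.161.248.75:4132, Run-key persistence and the Windows Defender real-time protection change) over constructed Sysmon-style `Key=value` events. The event lines, file paths, the `Updater` value name and the benign lines are constructed for the illustration; the hashes and C2 are the ones listed above, and the Run and `Windows Defender\Real-Time Protection` policy paths are the standard registry locations.

```python
"""Added example: match constructed Sysmon-style events against the IOCs and
behaviours in the report above (sample hashes, RedLine C2, Run key persistence,
Defender real-time protection tampering). Log format and events are constructed
for the example, not captured from the sandbox run."""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_SHA256 = "fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f"
SAMPLE_MD5 = "f9ca2cae8d0dfe2d4bd3ed0929b9570e"
C2_IP, C2_PORT = "185.161.248.75", "4132"

# Autostart locations written by "Adds Run key to start application".
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# Policy values that switch off Defender real-time protection when set to 1.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"Disable(RealtimeMonitoring|BehaviorMonitoring|IOAVProtection|OnAccessProtection)$",
    re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    evidence: str


def parse_event(line: str) -> dict:
    """Split 'Key=value Key2=value with spaces' into a dict.
    A new field starts only where whitespace is followed by 'Name=', so values
    such as 'DWORD (0x00000001)' or 'SHA256=...,MD5=...' stay intact."""
    fields = re.split(r"\s+(?=[A-Za-z]+=)", line.strip())
    return dict(f.split("=", 1) for f in fields if "=" in f)


def hashes(event: dict) -> dict:
    """Sysmon's Hashes field is 'ALG=hex,ALG=hex'; return it as a dict."""
    return dict(p.split("=", 1) for p in event.get("Hashes", "").split(",") if "=" in p)


def evaluate(event: dict) -> list:
    """Apply the report's indicators to one parsed event."""
    found = []
    eid = event.get("EventID")
    if eid == "1":  # process creation
        h = hashes(event)
        if (h.get("SHA256", "").lower() == SAMPLE_SHA256
                or h.get("MD5", "").lower() == SAMPLE_MD5):
            found.append(Finding("RedLine sample executed", event.get("Image", "")))
    elif eid == "13":  # registry value set
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if RUN_KEY_RE.search(target):
            found.append(Finding("Adds Run key to start application", f"{target} -> {details}"))
        if DEFENDER_RTP_RE.search(target) and "0x00000001" in details:
            found.append(Finding("Modifies Windows Defender Real-time Protection settings", target))
    elif eid == "3":  # network connection
        if event.get("DestinationIp") == C2_IP and event.get("DestinationPort") == C2_PORT:
            found.append(Finding("Connection to RedLine C2", f"{C2_IP}:{C2_PORT}"))
    return found


def scan(lines) -> list:
    return [f for line in lines for f in evaluate(parse_event(line))]


# Constructed events (not from the sandbox run): one benign process, one benign
# DNS lookup, and four lines that exhibit the report's signatures.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\u\Downloads\setup.exe Hashes=SHA256=" + SAMPLE_SHA256 + ",MD5=" + SAMPLE_MD5,
    r"EventID=1 Image=C:\Windows\System32\notepad.exe Hashes=SHA256=" + "0" * 64,
    r"EventID=13 TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\u\AppData\Roaming\updater.exe",
    r"EventID=13 TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
    r"\DisableRealtimeMonitoring Details=DWORD (0x00000001)",
    "EventID=3 Image=C:\\Users\\u\\Downloads\\setup.exe DestinationIp=" + C2_IP + " DestinationPort=" + C2_PORT,
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=1.1.1.1 DestinationPort=53",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.evidence}")
```

Running it prints one line per matched behaviour and stays silent on the two benign events. Hash and C2 matches are exact, so they only catch this build; the two registry rules key on the persistence and tampering locations instead and will also fire on other samples that use the same mechanisms.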

MITRE ATT&CK Enterprise v15

Tasks