General

  • Target

    c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343

  • Size

    770KB

  • Sample

    241109-x6rkrs1anq

  • MD5

    e3c8e73c8ab8278ff6043f7cddbef8ed

  • SHA1

    6cad518fdf40ff56de14e20292013b1a3743ec61

  • SHA256

    c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343

  • SHA512

    3a6aeb645b8def68c2efa031ee749caef19e0c29a873a98b416f53c8e3bfb9c4730ab622ee7edc598423d563c3e1e3ad5af6f720d6ed1fa9fc06ebfc1fe599fa

  • SSDEEP

    12288:lMrvy903W2/KJjh426cGw+9E1CgC6GKwO2daSm6/RtBKNAB4ruAPC1xIV0e:+yok14pcGxy92daSR//BKNACOWWe

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Target

      c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343

    • Size

      770KB

    • MD5

      e3c8e73c8ab8278ff6043f7cddbef8ed

    • SHA1

      6cad518fdf40ff56de14e20292013b1a3743ec61

    • SHA256

      c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343

    • SHA512

      3a6aeb645b8def68c2efa031ee749caef19e0c29a873a98b416f53c8e3bfb9c4730ab622ee7edc598423d563c3e1e3ad5af6f720d6ed1fa9fc06ebfc1fe599fa

    • SSDEEP

      12288:lMrvy903W2/KJjh426cGw+9E1CgC6GKwO2daSm6/RtBKNAB4ruAPC1xIV0e:+yok14pcGxy92daSR//BKNACOWWe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks