General

  • Target

    673a61a09ef686f482709323a0e4b6a1cfbd285be6bd1eeab2da7a25a04a76ed

  • Size

    771KB

  • Sample

    241109-xmcbqssqaj

  • MD5

    f8efc5926b436cc910d33edf90978a95

  • SHA1

    53763db31c103087e903745dbb404b04dee6b274

  • SHA256

    673a61a09ef686f482709323a0e4b6a1cfbd285be6bd1eeab2da7a25a04a76ed

  • SHA512

    af818e164c0c2dfa75c0357b8aa161e9ecbf46aa3d1f89d8a4ee1f62da03eb1c10d8363e5c242b7c80f4da2406ca66d92bddad514fe55cf2206a6ef7569dd5b8

  • SSDEEP

    12288:HMr7y902EJxYNjH8aZQKJkpqOpheutdYeJE9OclkbK2hhVKDEI8+YtII:QygJbK4qAekjOOhrNI8+III

Malware Config

Extracted

Family

redline

Botnet

dubur

C2

217.196.96.102:4132

Attributes
  • auth_value

    32d04179aa1e8d655d2d80c21f99de41
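The extracted configuration above (C2 endpoint, botnet name) and the file hashes in the General section are the indicators an analyst would actually hunt with. The following is an added example, not part of the sandbox report, showing how to turn them into a file-hash check, a connection-log sweep and a Suricata-style rule. The log lines and their `src=/dst=` format are constructed for the example, the `sid` is an arbitrary local number, and the ssdeep hash is deliberately not covered since it needs the `ssdeep` native library.

```python
"""Turn the extracted RedLine indicators into hunting checks.

Added example; the log lines below are constructed, not real telemetry.
"""
import hashlib
import re

# Indicators lifted verbatim from the report above.
C2_HOST, C2_PORT = "217.196.96.102", 4132
KNOWN_HASHES = {
    "md5": "f8efc5926b436cc910d33edf90978a95",
    "sha1": "53763db31c103087e903745dbb404b04dee6b274",
    "sha256": "673a61a09ef686f482709323a0e4b6a1cfbd285be6bd1eeab2da7a25a04a76ed",
}


def hashes_of(data: bytes) -> dict:
    """Compute the three digests the report lists for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when all three digests match; comparing every one means a
    collision against the weak MD5 or SHA1 alone is not enough."""
    return hashes_of(data) == KNOWN_HASHES


# Constructed firewall/NetFlow-style lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-11-09T12:01:03Z src=10.0.0.15:51022 dst=93.184.216.34:443 proto=tcp action=allow
2024-11-09T12:01:09Z src=10.0.0.15:51031 dst=217.196.96.102:4132 proto=tcp action=allow
2024-11-09T12:02:44Z src=10.0.0.22:49812 dst=217.196.96.102:80 proto=tcp action=allow
2024-11-09T12:03:10Z src=10.0.0.15:51040 dst=217.196.96.102:4132 proto=tcp action=allow
"""

LINE_RE = re.compile(r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def find_c2_connections(log_text: str, host: str = C2_HOST, port: int = C2_PORT):
    """Return two lists of (src_ip, line): flows to the exact C2 host:port,
    and flows to the same host on another port. The second list is kept
    separate so an analyst can judge whether the C2 moved ports rather
    than silently treating every packet to that IP as confirmed C2."""
    exact, same_host = [], []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dst"] != host:
            continue
        if int(m["dport"]) == port:
            exact.append((m["src"], line))
        else:
            same_host.append((m["src"], line))
    return exact, same_host


def suricata_rule(host: str = C2_HOST, port: int = C2_PORT, sid: int = 1000001) -> str:
    """Emit a minimal Suricata/Snort rule for the C2 endpoint (sid is arbitrary)."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 botnet dubur"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    exact, same_host = find_c2_connections(SAMPLE_LOG)
    for src, line in exact:
        print("C2 hit from", src, "->", line)
    for src, line in same_host:
        print("same host, other port from", src, "->", line)
    print(suricata_rule())
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents and adjusting `LINE_RE` to the logger's actual field names; the three functions are independent so the hash check can be reused on its own for quarantine verification.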

Targets

    • Target

      673a61a09ef686f482709323a0e4b6a1cfbd285be6bd1eeab2da7a25a04a76ed

    • Size

      771KB

    • MD5

      f8efc5926b436cc910d33edf90978a95

    • SHA1

      53763db31c103087e903745dbb404b04dee6b274

    • SHA256

      673a61a09ef686f482709323a0e4b6a1cfbd285be6bd1eeab2da7a25a04a76ed

    • SHA512

      af818e164c0c2dfa75c0357b8aa161e9ecbf46aa3d1f89d8a4ee1f62da03eb1c10d8363e5c242b7c80f4da2406ca66d92bddad514fe55cf2206a6ef7569dd5b8

    • SSDEEP

      12288:HMr7y902EJxYNjH8aZQKJkpqOpheutdYeJE9OclkbK2hhVKDEI8+YtII:QygJbK4qAekjOOhrNI8+III

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
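Two of the behaviours flagged above, tampering with Windows Defender Real-time Protection settings and adding a Run key for persistence, both surface as registry value writes, which Sysmon records as Event ID 13. The block below is an added example, not part of the sandbox report, of detection logic for those two behaviours run over constructed Sysmon-style records. The events, process names and paths are made up for the example; the Real-Time Protection value names and the Run key paths are the real registry locations.

```python
"""Detect Defender Real-Time Protection tampering and Run-key persistence
from Sysmon Event ID 13 (RegistryEvent: value set) records.

Added example; SAMPLE_EVENTS below are constructed, not real telemetry.
"""
import re
from dataclasses import dataclass

# Real-Time Protection values that switch protection off when set to 1.
RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Matches both the policy key (HKLM\SOFTWARE\Policies\...) and the product key.
RTP_KEY_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\(?P<value>[^\\]+)$", re.I)
# Locations an unprivileged user can write to; a Run entry pointing there is suspicious.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.I)


@dataclass
class Alert:
    rule: str
    image: str
    target: str
    details: str


def check_defender_tamper(ev: dict):
    """Alert when a Real-Time Protection disable value is set to 1.
    A write of 0 (re-enabling) is ignored so Defender's own updates stay quiet."""
    m = RTP_KEY_RE.search(ev["TargetObject"])
    if not m or m["value"] not in RTP_DISABLE_VALUES:
        return None
    d = DWORD_RE.search(ev["Details"])
    if d and int(d.group(1), 16) == 1:
        return Alert("defender_rtp_disabled", ev["Image"], ev["TargetObject"], ev["Details"])
    return None


def check_run_key(ev: dict):
    """Alert on any Run/RunOnce entry; escalate when the target lives in a
    user-writable directory, which is where dropped executables usually land."""
    if not RUN_KEY_RE.search(ev["TargetObject"]):
        return None
    rule = "run_key_user_writable_path" if USER_WRITABLE_RE.search(ev["Details"]) else "run_key_added"
    return Alert(rule, ev["Image"], ev["TargetObject"], ev["Details"])


def scan(events):
    """Run both checks over a list of Sysmon records; only Event ID 13 applies."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        for check in (check_defender_tamper, check_run_key):
            a = check(ev)
            if a:
                alerts.append(a)
    return alerts


DROPPED = r"C:\Users\victim\AppData\Local\Temp\update.exe"  # constructed path
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\victim\AppData\Roaming\update.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 13, "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 12, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ignored",
     "Details": ""},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.image} -> {a.target} = {a.details}")
```

The fourth record shows why the check reads the DWORD value instead of keying on the path alone: Defender writing a 0 to the same value is routine and would otherwise page someone for nothing. The third record is kept as a low-severity `run_key_added` rather than dropped, because an installer under Program Files writing a Run entry is normal but still worth a record when the same host later talks to a known C2.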

MITRE ATT&CK Enterprise v15

Tasks