General

  • Target

    37c67f654570fc0738eaba5d70ec032d1375c28a3da921590e7b82adb56db51c

  • Size

    1.1MB

  • Sample

    241109-xpk2nasqem

  • MD5

    4000b057b027ff5ad253c875022dc813

  • SHA1

    1add97da0f85533662dc0d4ca62134eb4d4c90cd

  • SHA256

    37c67f654570fc0738eaba5d70ec032d1375c28a3da921590e7b82adb56db51c

  • SHA512

    99d46bb41196020e57132d4d0b301727600c200166e30721088d01bd53beec9d31043ee7a1e0261c525692223e47ad5ea8dacf28fede5231aeccd8c6af589115

  • SSDEEP

    24576:FyvXyzjB72Fk8kF//O4XcSRiPkNPJ3FIWid4NgU4:gvXyZ72Fk8kNNsSRicNPJ3FIWia1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    masta

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 57f23b6b74d0f680c5a0c8ac9f52bd75
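
The extracted config above is the actionable part of this report: the C2 socket (185.161.248.75:4132) is a network indicator you can hunt for immediately, and the SHA-256 is a file indicator for endpoint inventories. The following is an added example, not code from the report or from the sandbox, that turns those two indicators into a small offline hunt: it validates the `host:port` string, emits a Suricata rule for it, and scans constructed NetFlow-style and EDR-inventory lines. The log formats, hostnames, the `sid` value and the regular expressions are assumptions for the demo; only the indicator values are taken from the report.

```python
import ipaddress
import re

# Indicators copied from the report above (the only sample-specific data used).
REPORT = {
    "family": "redline",
    "botnet": "masta",
    "c2": "185.161.248.75:4132",
    "auth_value": "57f23b6b74d0f680c5a0c8ac9f52bd75",
    "sha256": "37c67f654570fc0738eaba5d70ec032d1375c28a3da921590e7b82adb56db51c",
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the report's 'host:port' string and validate both halves."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string {c2!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


def suricata_rule(c2: str, sid: int = 1000001) -> str:
    """Emit a Suricata/Snort rule for outbound contact with the C2.
    The sid is an example value; use one from your own local range."""
    ip, port = parse_c2(c2)
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"{REPORT["family"]} C2 contact (botnet {REPORT["botnet"]})"; '
        f"flow:to_server,established; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed NetFlow-style records for the demo; not taken from the report.
SAMPLE_FLOWS = [
    "2024-11-09T10:01:02Z src=10.0.0.15:49213 dst=185.161.248.75:4132 proto=tcp bytes=1832",
    "2024-11-09T10:01:03Z src=10.0.0.15:49214 dst=142.250.74.46:443 proto=tcp bytes=5120",
    "2024-11-09T10:04:11Z src=10.0.0.22:52001 dst=185.161.248.75:443 proto=tcp bytes=900",
    "2024-11-09T10:05:40Z src=10.0.0.31:60020 dst=185.161.248.75:4132 proto=udp bytes=120",
    "2024-11-09T10:06:00Z src=10.0.0.40:50555 dst=185.161.248.75:4132 proto=tcp bytes=7410",
]

FLOW_RE = re.compile(
    r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def find_c2_hits(lines, c2: str) -> list[str]:
    """Source hosts that opened a TCP session to the exact C2 ip:port from the config."""
    ip, port = parse_c2(c2)
    hits = []
    for line in lines:
        m = FLOW_RE.search(line)
        if m and m["dst"] == ip and int(m["dport"]) == port and m["proto"] == "tcp":
            hits.append(m["src"])
    return hits


def find_related_ip_hits(lines, c2: str) -> list[str]:
    """Weaker signal: any other traffic to the C2 address (different port or
    protocol). Worth reviewing, but it is not the indicator the config gives."""
    ip, port = parse_c2(c2)
    out = []
    for line in lines:
        m = FLOW_RE.search(line)
        if m and m["dst"] == ip and not (int(m["dport"]) == port and m["proto"] == "tcp"):
            out.append(f'{m["src"]} -> {m["dst"]}:{m["dport"]}/{m["proto"]}')
    return out


# Constructed EDR file-inventory lines: "hostname sha256 path" (not from the report).
SAMPLE_INVENTORY = [
    "WS-015 37C67F654570FC0738EABA5D70EC032D1375C28A3DA921590E7B82ADB56DB51C C:\\Users\\a\\AppData\\Local\\Temp\\setup.exe",
    "WS-022 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 C:\\Windows\\System32\\empty.exe",
]


def find_hash_hits(lines, sha256: str) -> list[str]:
    """Hosts holding the sample. Compare case-insensitively: EDR exports often
    upper-case hashes while sandbox reports print them lower-case."""
    want = sha256.lower()
    return [line.split()[0] for line in lines if line.split()[1].lower() == want]


if __name__ == "__main__":
    print(suricata_rule(REPORT["c2"]))
    print("C2 sessions from:", find_c2_hits(SAMPLE_FLOWS, REPORT["c2"]))
    print("other traffic to C2 host:", find_related_ip_hits(SAMPLE_FLOWS, REPORT["c2"]))
    print("hosts with the sample:", find_hash_hits(SAMPLE_INVENTORY, REPORT["sha256"]))
```

Matching on the exact `ip:port` pair is deliberate: the same address on another port is often shared hosting or a second panel, so it is reported as a separate, lower-confidence list rather than folded into the C2 hits. The `auth_value` is kept in `REPORT` for reference only; it is a per-build value that appears inside the bot's traffic, not something a flow record exposes.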

Targets

    • Target

      37c67f654570fc0738eaba5d70ec032d1375c28a3da921590e7b82adb56db51c

    • Size

      1.1MB

    • MD5

      4000b057b027ff5ad253c875022dc813

    • SHA1

      1add97da0f85533662dc0d4ca62134eb4d4c90cd

    • SHA256

      37c67f654570fc0738eaba5d70ec032d1375c28a3da921590e7b82adb56db51c

    • SHA512

      99d46bb41196020e57132d4d0b301727600c200166e30721088d01bd53beec9d31043ee7a1e0261c525692223e47ad5ea8dacf28fede5231aeccd8c6af589115

    • SSDEEP

      24576:FyvXyzjB72Fk8kF//O4XcSRiPkNPJ3FIWid4NgU4:gvXyZ72Fk8kNNsSRicNPJ3FIWia1

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
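
The behavioural signatures above (Run-key autostart, Windows Defender real-time protection modification, execution of a dropped EXE) say what this sample did in the sandbox, but not how to check a suspect host for the same artefacts. The following is an added example, not code from the report or from any sandbox, of a host triage check for those two registry-visible behaviours. It evaluates a registry snapshot held in a plain dict, so it runs offline on any platform; on Windows, `snapshot_registry()` fills that dict from the live registry using the standard-library `winreg` module. The Defender value names are the well-known real-time protection switches; the report does not say which of them this sample set, so all are checked. The snapshot contents and the "suspicious directory" heuristic are constructed for the demo.

```python
import re

# Defender real-time protection settings under the product key and the policy
# key. A value of 1 disables the corresponding protection.
RTP_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
)
RTP_VALUES = (
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
)
# Autostart keys behind the "Adds Run key to start application" signature.
RUN_KEYS = (
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Heuristic (assumption for the demo): autostart entries pointing into
# user-writable drop locations deserve a look; legitimate per-user installers
# also live there, so this is a review list, not an alert on its own.
SUSPECT_DIR_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|ProgramData|Users\\Public)\\", re.I
)


def assess_defender(snapshot: dict) -> list[str]:
    """Report every real-time protection switch that has been turned off."""
    findings = []
    for key in RTP_KEYS:
        for name, data in snapshot.get(key, {}).items():
            if name in RTP_VALUES and data == 1:
                findings.append(f"{key}\\{name} = 1")
    return findings


def assess_run_keys(snapshot: dict) -> list[str]:
    """Report Run-key entries whose command line points into a drop directory."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in snapshot.get(key, {}).items():
            if SUSPECT_DIR_RE.search(cmd):
                findings.append(f"{key}\\{name} -> {cmd}")
    return findings


def snapshot_registry() -> dict:
    """Windows only: read the keys above into the dict shape the checks expect.
    Returns an empty dict on other platforms so the module still imports."""
    try:
        import winreg
    except ImportError:
        return {}
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap: dict = {}
    for key in RTP_KEYS + RUN_KEYS:
        hive_name, _, sub = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive_name], sub) as h:
                snap[key] = {}
                for i in range(winreg.QueryInfoKey(h)[1]):  # [1] = number of values
                    name, data, _type = winreg.EnumValue(h, i)
                    snap[key][name] = data
        except OSError:
            pass  # key absent: nothing to report for it
    return snap


# Constructed snapshot for the demo (not taken from the report).
SAMPLE_SNAPSHOT = {
    RTP_KEYS[0]: {"DisableRealtimeMonitoring": 1, "DisableBehaviorMonitoring": 1},
    RUN_KEYS[0]: {
        "OneDrive": r'"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
        "Updater": r'"C:\Users\a\AppData\Local\Temp\setup.exe"',
    },
    RUN_KEYS[1]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
}


if __name__ == "__main__":
    live = snapshot_registry() or SAMPLE_SNAPSHOT
    for finding in assess_defender(live) + assess_run_keys(live):
        print(finding)
```

Both checks read only registry data, so they are safe to run on a live host without touching the sample. In the constructed snapshot the OneDrive entry is flagged alongside the Temp-directory one, which is the expected cost of the directory heuristic: pair the Run-key list with the file-hash hunt from the config section before treating an entry as the dropped executable.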
