General

  • Target: 5aab6d524baf3ec09696f6cca3458a0be37f9d2fdc5f5731ed3c3787c97156ec
  • Size: 1.1MB
  • Sample: 241109-zcnm5a1kdt
  • MD5: 926ee65c65fb65bcfef0214a2c4cd5a6
  • SHA1: b31d29346d706072412ab8ca93d469f31c8ea651
  • SHA256: 5aab6d524baf3ec09696f6cca3458a0be37f9d2fdc5f5731ed3c3787c97156ec
  • SHA512: fff13d75156fe98f76a85b953ba94d1377cc91cbd90afa5c351686d5ccc15091cb04cc14ac545f49b1ead59cc2698126e124a448d310cdb51026dc5c77c8d8f0
  • SSDEEP: 24576:eyxx4pO1Rmzf1h939muFkUJ28LxcwBIj09mP2EDlc0+8GKIem5qu996kP:tj4I1Azf10uFkUs4xrIgY1UrKIeXu996

Malware Config

Extracted

  • Family: redline
  • Botnet: masta
  • C2: 185.161.248.75:4132
  • Attributes
      • auth_value: 57f23b6b74d0f680c5a0c8ac9f52bd75

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks