redline | 73320ccd9115c67a991f9eb8e1072fe18be573243f2c5dc34722cb6800bb82c9 | Triage

Sharing

General

Target

73320ccd9115c67a991f9eb8e1072fe18be573243f2c5dc34722cb6800bb82c9
Size

876KB
Sample

241110-13rcdazkbj
MD5

6d67526b74486bc3849d8ebc0a767ac3
SHA1

3237b0f4997dc2f21752e206e3822cbf003d4199
SHA256

73320ccd9115c67a991f9eb8e1072fe18be573243f2c5dc34722cb6800bb82c9
SHA512

cdbbf28a0479ef935d76d1110dacb5d19dff4a12c32b9fbeb4c394d9640786488a799aa2134c1b9636c3536806082681213837ff3579222dfacc58d35ee3f932
SSDEEP

24576:+ykdgAV1hD5dtZSIPuV0CGM83nnpnGhq7Xn:NIzttAuXpnAs

Score

10^/10

redline dimas discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

dimas

C2

185.161.248.75:4132

Attributes

auth_value
a5db9b1c53c704e612bccc93ccdb5539

Targets

- Target
  
  73320ccd9115c67a991f9eb8e1072fe18be573243f2c5dc34722cb6800bb82c9
- Size
  
  876KB
- MD5
  
  6d67526b74486bc3849d8ebc0a767ac3
- SHA1
  
  3237b0f4997dc2f21752e206e3822cbf003d4199
- SHA256
  
  73320ccd9115c67a991f9eb8e1072fe18be573243f2c5dc34722cb6800bb82c9
- SHA512
  
  cdbbf28a0479ef935d76d1110dacb5d19dff4a12c32b9fbeb4c394d9640786488a799aa2134c1b9636c3536806082681213837ff3579222dfacc58d35ee3f932
- SSDEEP
  
  24576:+ykdgAV1hD5dtZSIPuV0CGM83nnpnGhq7Xn:NIzttAuXpnAs
Score

10^/10

redline dimas discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedimasdiscoveryevasioninfostealerpersistencetrojan