redline | e43c161ce3fca02aacc3de6553fbac800ceceb3e4c5ec09224db0c419bc36ad2 | Triage

Sharing

General

Target

e43c161ce3fca02aacc3de6553fbac800ceceb3e4c5ec09224db0c419bc36ad2
Size

1.1MB
Sample

241110-3zpeqa1ldk
MD5

c31e9349b22897713ed5711d3c86ca8a
SHA1

1f60d3f0b63b09fcf809a8d7d83a9017bc2eb80d
SHA256

e43c161ce3fca02aacc3de6553fbac800ceceb3e4c5ec09224db0c419bc36ad2
SHA512

bf6c3ca40b470fcff31fb8a181fbdcfc5039256456ab3d095c20e35ab831ef358034e42cf99e3428ce53e32966e0619de720c5517e72e31ec57ad41b95bd80b2
SSDEEP

24576:/yeWwFPH27hiEMVo3RQiN3FyvmQ/l+bFvl/HeyynJatTa8V:KRwFHEMVoBh17QyHeyka9a

Score

10^/10

redline masta discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

masta

C2

185.161.248.75:4132

Attributes

auth_value
57f23b6b74d0f680c5a0c8ac9f52bd75

Targets

- Target
  
  e43c161ce3fca02aacc3de6553fbac800ceceb3e4c5ec09224db0c419bc36ad2
- Size
  
  1.1MB
- MD5
  
  c31e9349b22897713ed5711d3c86ca8a
- SHA1
  
  1f60d3f0b63b09fcf809a8d7d83a9017bc2eb80d
- SHA256
  
  e43c161ce3fca02aacc3de6553fbac800ceceb3e4c5ec09224db0c419bc36ad2
- SHA512
  
  bf6c3ca40b470fcff31fb8a181fbdcfc5039256456ab3d095c20e35ab831ef358034e42cf99e3428ce53e32966e0619de720c5517e72e31ec57ad41b95bd80b2
- SSDEEP
  
  24576:/yeWwFPH27hiEMVo3RQiN3FyvmQ/l+bFvl/HeyynJatTa8V:KRwFHEMVoBh17QyHeyka9a
Score

10^/10

redline masta discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemastadiscoveryevasioninfostealerpersistencetrojan