General

  • Target

    8b77b43adcc479fe84a515fe96408ad1957acfcb3630cf8cc6383a1b517f87b9

  • Size

    769KB

  • Sample

    241110-bx6sfawjhw

  • MD5

    4ff0179d2b1edb33a4b3f5cbddb625cb

  • SHA1

    7a9f2f2a9b878e58715bd1e059402e329d0dcd64

  • SHA256

    8b77b43adcc479fe84a515fe96408ad1957acfcb3630cf8cc6383a1b517f87b9

  • SHA512

    60ab13d4efd958ab840f8f58b5287b139d9ba91945de44bacc78de80dde49760dd8b0816b43e9f04ff0d4dd9e41ad000655b88fc4b7323617b7bcb9708257d3d

  • SSDEEP

    12288:iMrRy90ddT/CgLpH0JDjKkZfCACx7aKUO05aTjcDUnpD6O3yOJqgzyollQcU:ry6dT/FLF0Jikl6v05aT5pmwJsgtU

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks