General
Target: 3178459ecac11d748dbe5a0dfa716d9ef4feba5603f2ffea471058767a1c2a3c
Size: 1.1MB
Sample: 241110-l5ec9sxphr
MD5: a7b521c862d028a8a8db35e9513e8cac
SHA1: 90b7adcf903fb98f89ddb331b4944c7ceb005af9
SHA256: 3178459ecac11d748dbe5a0dfa716d9ef4feba5603f2ffea471058767a1c2a3c
SHA512: e683632eb48a6676532f7be87e50de59546bb1b18bf838a15cd9042d46f3c3f5c042e9d76e7eda2114f09d4b67866543e5fdad19f6f6fe67ae2512d479f5fa13
SSDEEP: 24576:xyF+RJI4PkRbwFkmVmVDTjbcf4GWuUxsmunUPH7KF7hC26N2nxvI59J7u:kCTGbwFkmVGHjNFBuUzKF7L6NR591
Static task: static1
Behavioral task: behavioral1
Sample: 3178459ecac11d748dbe5a0dfa716d9ef4feba5603f2ffea471058767a1c2a3c.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: doma
C2: 185.161.248.75:4132
auth_value: 8be53af7f78567706928d0abef953ef4
Targets
Target: 3178459ecac11d748dbe5a0dfa716d9ef4feba5603f2ffea471058767a1c2a3c
Size: 1.1MB
RedLine: RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
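The report above gives three things worth hunting on: the sample hash, the extracted C2 endpoint 185.161.248.75:4132, and the Run-key persistence behaviour (T1547.001). The following is an added example, not part of the sandbox report, showing how those indicators translate into detection logic over Sysmon-style events. The log lines are constructed for illustration and the `key=value|...` format, the `parse_event` reader and the indicator names are assumptions of this example, not a real EVTX parser; the Sysmon field names (EventID 1 `Hashes`, EventID 3 `DestinationIp`/`DestinationPort`, EventID 13 `TargetObject`) are the real ones.

```python
"""Hunt for the indicators from the RedLine report across Sysmon-style events.

Added example, not part of the sandbox report. SAMPLE_LOG is constructed;
the '|'-separated key=value layout is an assumption for this example.
"""
import re
from typing import Iterable

# Indicators taken directly from the report above.
C2_IP = "185.161.248.75"
C2_PORT = 4132
SAMPLE_SHA256 = "3178459ecac11d748dbe5a0dfa716d9ef4feba5603f2ffea471058767a1c2a3c"

# Registry autostart locations (T1547.001). Sysmon renders HKCU as HKU\<SID>\...,
# so match on the path suffix rather than on the hive name.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)


def parse_event(line: str) -> dict:
    """Parse one 'key=value|key=value' line (constructed format) into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def match_event(event: dict) -> list[str]:
    """Return the indicator names this event matches (empty list if none)."""
    hits = []
    eid = event.get("EventID")
    if eid == "3":  # Sysmon network connection
        if (event.get("DestinationIp") == C2_IP
                and event.get("DestinationPort") == str(C2_PORT)):
            hits.append("redline_c2")
    elif eid == "13":  # Sysmon registry value set
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            hits.append("run_key_persistence")
    # Sysmon writes hashes as 'SHA256=<hex>' inside the Hashes field.
    if f"SHA256={SAMPLE_SHA256.upper()}" in event.get("Hashes", "").upper():
        hits.append("sample_hash")
    return hits


def hunt(lines: Iterable[str]) -> list[tuple[str, list[str]]]:
    """Run match_event over every non-empty line; return (Image, hits) pairs."""
    results = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        hits = match_event(event)
        if hits:
            results.append((event.get("Image", "?"), hits))
    return results


# Constructed sample events: one process creation carrying the report's hash,
# one connection to the extracted C2, one benign TLS connection, one Run-key
# write by the sample, and one unrelated registry write by regedit.
SAMPLE_LOG = """
EventID=1|Image=C:\\Users\\victim\\Downloads\\invoice.exe|Hashes=SHA256=3178459ECAC11D748DBE5A0DFA716D9EF4FEBA5603F2FFEA471058767A1C2A3C
EventID=3|Image=C:\\Users\\victim\\Downloads\\invoice.exe|DestinationIp=185.161.248.75|DestinationPort=4132
EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationIp=142.250.72.14|DestinationPort=443
EventID=13|Image=C:\\Users\\victim\\Downloads\\invoice.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe
EventID=13|Image=C:\\Windows\\regedit.exe|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000001)
"""

if __name__ == "__main__":
    for image, hits in hunt(SAMPLE_LOG.splitlines()):
        print(f"{image}: {', '.join(hits)}")
```

Of the three indicators, the file hash is the weakest: RedLine builds are repacked constantly, so the SHA256 will only catch this exact sample. The C2 IP:port and the Run-key write are behavioural and survive repacking, and the extracted auth_value is a per-build token that is useful for clustering samples from the same operator rather than for host detection.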