redline | 2030d8cc51c7bff0d4873ce7734c61651354ccc30776caaf0dee704fb9e4caf1 | Triage

Sharing

General

Target

2030d8cc51c7bff0d4873ce7734c61651354ccc30776caaf0dee704fb9e4caf1
Size

488KB
Sample

241111-cz9sjszmex
MD5

7690760f675a39293bde075cd8738e88
SHA1

d36859a3b712246af9eac2ef14257afc6624b9e0
SHA256

2030d8cc51c7bff0d4873ce7734c61651354ccc30776caaf0dee704fb9e4caf1
SHA512

7083c43ce6e1bf4764b1e0fc1c580760ab440cbbf5f44151127f80fd826c6c7d9fabbe9b4399996c17759d713104463aa0390f3b6c41834c98174e25d11ac0e2
SSDEEP

12288:3Mrvy90+Q6xXneoW7JSo5Ksjze3UI+DeQRA:MyxeoWMo5hzoJ+DfA

Score

10^/10

redline mauga discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

mauga

C2

217.196.96.102:4132

Attributes

auth_value
36f5411cf117f54076fbbb9ea0631fee

Targets

- Target
  
  2030d8cc51c7bff0d4873ce7734c61651354ccc30776caaf0dee704fb9e4caf1
- Size
  
  488KB
- MD5
  
  7690760f675a39293bde075cd8738e88
- SHA1
  
  d36859a3b712246af9eac2ef14257afc6624b9e0
- SHA256
  
  2030d8cc51c7bff0d4873ce7734c61651354ccc30776caaf0dee704fb9e4caf1
- SHA512
  
  7083c43ce6e1bf4764b1e0fc1c580760ab440cbbf5f44151127f80fd826c6c7d9fabbe9b4399996c17759d713104463aa0390f3b6c41834c98174e25d11ac0e2
- SSDEEP
  
  12288:3Mrvy90+Q6xXneoW7JSo5Ksjze3UI+DeQRA:MyxeoWMo5hzoJ+DfA
Score

10^/10

redline mauga discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemaugadiscoveryevasioninfostealerpersistencetrojan