General

  • Target

    3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693

  • Size

    1.1MB

  • Sample

    241111-gmnrrsthjm

  • MD5

    0b094db892273b6f84f33a15f2f72fc9

  • SHA1

    9a87bddb1e37f64e3a6207d65e59538f7420d44d

  • SHA256

    3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693

  • SHA512

    4e024d048d8c3ab36c4b0f229b2a80bd1e2eaed9e0b9c6219ac98c44565b6cec9ae8f74e1b49a3558adfb85d87ca77c4fc82de43773d9835d6d8777c166c89c3

  • SSDEEP

    24576:JyekFtwOuLVmR1tKpEKVMRkvsyPOoRHI8j+LpZO14MaHX13at:8eQuZm7tuEK2xy95+LpnMY1

Malware Config

Extracted

Family

redline

Botnet

dedu

C2

185.161.248.75:4132

Attributes
  • auth_value

    43fb2cf55df7896aeff6ce27ec070fea
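The extracted configuration and the hash set above are the report's actionable indicators: the hashes identify this exact build, and the C2 socket is what the sample will contact. The following Python script is an added example, not part of the report or any sandbox tooling; it copies the report's values, verifies a file's bytes against all four digests, and matches the C2 socket against constructed connection-log lines (the log format and timestamps are invented for the example). The match is anchored at both ends so that a neighbouring port such as 41320 is not reported as a hit.

```python
import hashlib
import ipaddress
import re

# Extracted configuration and file hashes as listed in the report above.
CONFIG = {
    "family": "redline",
    "botnet": "dedu",
    "c2": "185.161.248.75:4132",
    "auth_value": "43fb2cf55df7896aeff6ce27ec070fea",
}
HASHES = {
    "md5": "0b094db892273b6f84f33a15f2f72fc9",
    "sha1": "9a87bddb1e37f64e3a6207d65e59538f7420d44d",
    "sha256": "3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693",
    "sha512": "4e024d048d8c3ab36c4b0f229b2a80bd1e2eaed9e0b9c6219ac98c44565b6cec9ae8f74e1b49a3558adfb85d87ca77c4fc82de43773d9835d6d8777c166c89c3",
}


def parse_c2(c2):
    """Split 'ip:port' and validate that the host part is a literal IP address."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError for anything that is not an IP
    return host, int(port)


def hash_file_bytes(data):
    """Compute the same four digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASHES}


def is_reported_sample(data):
    """True only if every digest matches; one mismatch means a different file."""
    return hash_file_bytes(data) == HASHES


def find_c2_connections(lines, c2=CONFIG["c2"]):
    """Return the log lines whose destination is exactly the configured C2 socket."""
    ip, port = parse_c2(c2)
    # Anchor both ends: 185.161.248.75:4132 must not match 185.161.248.75:41320
    # or 1185.161.248.75:4132.
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + ":" + str(port) + r"(?!\d)")
    return [ln for ln in lines if pat.search(ln)]


# Constructed connection-log lines (not from the report), "ts src -> dst proto".
SAMPLE_LOG = [
    "2024-11-11T10:23:05Z 10.0.0.12:51432 -> 185.161.248.75:4132 tcp",
    "2024-11-11T10:23:06Z 10.0.0.12:51433 -> 142.250.72.46:443 tcp",
    "2024-11-11T10:23:07Z 10.0.0.12:51434 -> 185.161.248.75:41320 tcp",
    "2024-11-11T10:24:11Z 10.0.0.12:51441 -> 185.161.248.75:4132 tcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
    print("is reported sample:", is_reported_sample(b"MZ"))
```

Comparing all four digests rather than only MD5 costs nothing and removes any argument about collisions; on a real file, read it in binary mode and pass the bytes to `is_reported_sample`.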

Targets

    • Target

      3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693

    • Size

      1.1MB

    • MD5

      0b094db892273b6f84f33a15f2f72fc9

    • SHA1

      9a87bddb1e37f64e3a6207d65e59538f7420d44d

    • SHA256

      3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693

    • SHA512

      4e024d048d8c3ab36c4b0f229b2a80bd1e2eaed9e0b9c6219ac98c44565b6cec9ae8f74e1b49a3558adfb85d87ca77c4fc82de43773d9835d6d8777c166c89c3

    • SSDEEP

      24576:JyekFtwOuLVmR1tKpEKVMRkvsyPOoRHI8j+LpZO14MaHX13at:8eQuZm7tuEK2xy95+LpnMY1

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
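The behavioural signatures above are the report's summary of what the sample did on the host. As an added example (not the sandbox's own detection logic), the script below shows how three of them can be reproduced from Sysmon telemetry: Event 13 (registry value set) for the Defender real-time protection toggles and the Run key, and Event 11 (file create) correlated with Event 1 (process create) for "Executes dropped EXE". The events are constructed for the example; the registry paths are the ones Sysmon reports for Defender's Real-Time Protection key and for the per-user Run key, and the file names are invented.

```python
import re
from collections import defaultdict

# Defender real-time protection toggles under the product key or the Group Policy key.
DEFENDER_RTP = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection"
    r"|DisableIOAVProtection|DisableScanOnRealtimeEnable)$", re.I)
DEFENDER_ANY = re.compile(r"\\Microsoft\\Windows Defender\\", re.I)
# Sysmon reports HKCU as HKU\<SID>, so match on the subkey path only.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
DWORD_NONZERO = re.compile(r"DWORD \(0x0*[1-9a-f][0-9a-f]*\)", re.I)


def classify_registry_event(ev):
    """Map one Sysmon Event 13 (value set) to the report's signature names."""
    hits = []
    if ev.get("EventID") != 13:
        return hits
    target, details = ev.get("TargetObject", ""), ev.get("Details", "")
    if DEFENDER_RTP.search(target) and DWORD_NONZERO.search(details):
        hits.append("Modifies Windows Defender Real-time Protection settings")
    if DEFENDER_ANY.search(target):
        hits.append("Windows security modification")
    if RUN_KEY.search(target) and ".exe" in details.lower():
        hits.append("Adds Run key to start application")
    return hits


def find_dropped_exe_executions(events):
    """Pair each Event 11 that creates an .exe with an Event 1 that later runs it."""
    dropped = {}
    for ev in events:
        if ev.get("EventID") == 11 and ev.get("TargetFilename", "").lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
    executed = []
    for ev in events:
        if ev.get("EventID") == 1 and ev.get("Image", "").lower() in dropped:
            executed.append((dropped[ev["Image"].lower()], ev["Image"]))
    return executed


def triage(events):
    """Collect signature name -> list of evidence strings for a batch of events."""
    findings = defaultdict(list)
    for ev in events:
        for sig in classify_registry_event(ev):
            findings[sig].append(ev["TargetObject"])
    for _dropper, child in find_dropped_exe_executions(events):
        findings["Executes dropped EXE"].append(child)
    return dict(findings)


# Constructed Sysmon events (not from the report); paths and SID are invented.
LOADER = r"C:\Users\victim\AppData\Local\Temp\loader.exe"
DROPPED = r"C:\Users\victim\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": LOADER, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": LOADER},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": DROPPED},
    # Benign noise: a Winlogon value that must not trigger anything.
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe"},
]

if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {evidence}")
```

The Defender rule requires a non-zero DWORD so that a product or policy tool restoring the value to 0 is not flagged; the Run-key rule only fires when the value points at an executable, which is the case the report describes.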
