General

  • Target: ddd13303a92f4879dfade19199de4289a184ae9f77344921b6ce864ce9f232ee
  • Size: 488KB
  • Sample: 241111-hgj23atphs
  • MD5: d9cc95733b55dfc266f7f6cb4731a3f1
  • SHA1: c8f11452bd040e3eb091ec33189499fdd0972757
  • SHA256: ddd13303a92f4879dfade19199de4289a184ae9f77344921b6ce864ce9f232ee
  • SHA512: 303185042e28508d3069a5af702c200f4c5675fa480e2cca5c20de2f5991a73af2a8c4c0535eee9642348e29b4d34063e32190cf809bf1e2e4879f8b5b1e7827
  • SSDEEP: 12288:/MrIy90magq92411THc1g7+8wfJCM7Hi1c5a:Pyd224TH1+7fJrI

Malware Config

Extracted

  • Family: redline
  • Botnet: dippo
  • C2: 217.196.96.102:4132
  • Attributes
      • auth_value: 79490ff628fd6af3b29170c3c163874b

Targets

    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks