General

  • Target

    51e92258193ecd9ae214c6940dea24683471bf912f183f21f98eabc8e9fa1403

  • Size

    886KB

  • Sample

    241111-hk7yasvhjd

  • MD5

    3b6f0ebbc4fc12c54d7098b8a30d0446

  • SHA1

    cdcc2a1e55431713fb28c6a97bfab70eb26c2618

  • SHA256

    51e92258193ecd9ae214c6940dea24683471bf912f183f21f98eabc8e9fa1403

  • SHA512

    28a3d54cbf5e99dbd7d199addde166625302a129cd1aaa842682eb4672ad34e2eca53410912580ab227a4e78a04c874eb6332615d20c6d41f46f0ae4f97b384e

  • SSDEEP

    24576:Py4W0EDHeKw4/Mr4Tiae6VfWjt+0mlGDmKkPY:a6ED5V84TiaeVRdBDmKa

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mixa

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value

      9d14534b25ac495ab25b59800acf3bb2

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15