General

  • Target

    ad1e6ac46401d151f00297931089ca65a1ab931461390549dfe90c99fe82b119

  • Size

    488KB

  • Sample

    241111-hnclkavelm

  • MD5

    05948601b504afed74cd9ef32f1c757b

  • SHA1

    318f9a04cd21a7f5f47a2fb7bb2d13fe385fb14d

  • SHA256

    ad1e6ac46401d151f00297931089ca65a1ab931461390549dfe90c99fe82b119

  • SHA512

    632f74c2d9f0ef1812fb139a7f3325c8187e5690c26df5ab77e2844832059a35116271d3e803edde7f16e18ab1a38f7a0214c597bcf82bd3a4fe8fd8e4237569

  • SSDEEP

    12288:5Mrdy90bIBggQgHNHqfREq7vK9oayvJ5Iph:sy1hQgHphyK9oaGJqn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mauga

  • C2

    217.196.96.102:4132

Attributes
  • auth_value

    36f5411cf117f54076fbbb9ea0631fee

Targets

    • Target

      ad1e6ac46401d151f00297931089ca65a1ab931461390549dfe90c99fe82b119


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
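
The signatures above (Defender real-time protection tampering, a dropped EXE, a Run-key autostart) and the extracted C2 endpoint translate directly into host checks. The following PowerShell script is an added example, not part of the sandbox report or of any vendor tooling: it reads the Defender policy key and effective preferences, lists Run-key entries, hashes executables in the usual drop directories against the report's SHA256, and looks for a live TCP connection to 217.196.96.102:4132. The registry paths and cmdlets are standard Windows ones; the set of directories scanned in step 3 is an assumption, since the report does not say where the dropped EXE is written.

```powershell
# Added example (not from the sandbox report): host checks for the behaviours
# this RedLine sample exhibits. Run in an elevated PowerShell session on the
# host under investigation.

$C2Ip   = '217.196.96.102'   # from the extracted config above
$C2Port = 4132
$Sha256 = 'ad1e6ac46401d151f00297931089ca65a1ab931461390549dfe90c99fe82b119'

# 1. "Modifies Windows Defender Real-time Protection settings": tampering via
#    reg.exe lands in the policy key; Get-MpPreference shows the effective state.
$defenderPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $defenderPolicy) {
    Get-ItemProperty -Path $defenderPolicy |
        Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring,
                      DisableOnAccessProtection, DisableIOAVProtection
}
Get-MpPreference | Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring

# 2. "Adds Run key to start application": enumerate per-user and machine Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |   # drop PSPath/PSParentPath etc.
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}

# 3. "Executes dropped EXE": hash executables in common drop locations
#    (assumed directories) and compare with the report's SHA256.
$dropDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData)
Get-ChildItem -Path $dropDirs -Recurse -Include *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        if ($hash -eq $Sha256) { "MATCH: $($_.FullName)" }
    }

# 4. C2 check: any established or pending TCP connection to the extracted endpoint.
Get-NetTCPConnection -RemoteAddress $C2Ip -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -eq $C2Port } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess
```

Step 4 only sees connections that exist at the moment the script runs; for retrospective coverage, search proxy or NetFlow logs for the same IP and port. A SHA256 match in step 3 identifies this exact sample only; other builds of the same RedLine botnet will have different hashes but may still share the C2 and the `mauga` botnet name.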
