redline | 7c96c8b235f8a0960a73929718d3e9bb3225232a6193ac9447a094a609315728 | Triage

Sharing

General

Target

7c96c8b235f8a0960a73929718d3e9bb3225232a6193ac9447a094a609315728.exe
Size

750KB
Sample

241119-v5la9aylhv
MD5

65b63c765a63b84bd38b05f2362e30e6
SHA1

5376358958d83e1a882cb14b724737c237f6d00c
SHA256

7c96c8b235f8a0960a73929718d3e9bb3225232a6193ac9447a094a609315728
SHA512

11c29a9acf773a89fa202cf554912ddcb2fb6b41c4543fe3d1ae74fab76d3accf54bd08a09400baa03bc0abefdd74c019f10dc9090e79532a917d7419abe9fca
SSDEEP

12288:YMrwy90QpG9cykzYC0El32F93lWXKcAm7bTET85JBVBZT1mIdMosyymU:Yy4nEp693loKcAmnTm8XzT8AMoHDU

Score

10^/10

redline masta discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

masta

C2

185.161.248.75:4132

Attributes

auth_value
57f23b6b74d0f680c5a0c8ac9f52bd75

Targets

- Target
  
  7c96c8b235f8a0960a73929718d3e9bb3225232a6193ac9447a094a609315728.exe
- Size
  
  750KB
- MD5
  
  65b63c765a63b84bd38b05f2362e30e6
- SHA1
  
  5376358958d83e1a882cb14b724737c237f6d00c
- SHA256
  
  7c96c8b235f8a0960a73929718d3e9bb3225232a6193ac9447a094a609315728
- SHA512
  
  11c29a9acf773a89fa202cf554912ddcb2fb6b41c4543fe3d1ae74fab76d3accf54bd08a09400baa03bc0abefdd74c019f10dc9090e79532a917d7419abe9fca
- SSDEEP
  
  12288:YMrwy90QpG9cykzYC0El32F93lWXKcAm7bTET85JBVBZT1mIdMosyymU:Yy4nEp693loKcAmnTm8XzT8AMoHDU
Score

10^/10

redline masta discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemastadiscoveryevasioninfostealerpersistencetrojan