redline | eab5ebc157032ac3357da96b04a989fb4d0da91d10896289955e92f6a024f5c3 | Triage

Sharing

General

Target

eab5ebc157032ac3357da96b04a989fb4d0da91d10896289955e92f6a024f5c3.exe
Size

488KB
Sample

241120-ftx4cawpdj
MD5

71dccbbf901a68b85def5e6d4c737241
SHA1

bdacb665bae8364bf7201c87d4c13cb445f64f35
SHA256

eab5ebc157032ac3357da96b04a989fb4d0da91d10896289955e92f6a024f5c3
SHA512

cfb5fd3b12f2bf2467ab3f4b68fd68dd70eb87637ce52748d9cfc5108f3ac97738e7f854a737991057876603dfe64254b6a0beea774622f1a87b269c40389509
SSDEEP

12288:xMr2y90wmDyJBgY6Ge7mCbiefrIXagRtINu+oBhE/FQ+PR3:LyNUOimCble+u+ow9HR3

Score

10^/10

redline dubur discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

dubur

C2

217.196.96.102:4132

Attributes

auth_value
32d04179aa1e8d655d2d80c21f99de41

Targets

- Target
  
  eab5ebc157032ac3357da96b04a989fb4d0da91d10896289955e92f6a024f5c3.exe
- Size
  
  488KB
- MD5
  
  71dccbbf901a68b85def5e6d4c737241
- SHA1
  
  bdacb665bae8364bf7201c87d4c13cb445f64f35
- SHA256
  
  eab5ebc157032ac3357da96b04a989fb4d0da91d10896289955e92f6a024f5c3
- SHA512
  
  cfb5fd3b12f2bf2467ab3f4b68fd68dd70eb87637ce52748d9cfc5108f3ac97738e7f854a737991057876603dfe64254b6a0beea774622f1a87b269c40389509
- SSDEEP
  
  12288:xMr2y90wmDyJBgY6Ge7mCbiefrIXagRtINu+oBhE/FQ+PR3:LyNUOimCble+u+ow9HR3
Score

10^/10

redline dubur discovery evasion infostealer persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineduburdiscoveryevasioninfostealerpersistencetrojan