redline | 623c98766f8086e86c41f9f06e73e338b6ffb28aa315fe737451598f3f1172e8 | Triage

Submit
Reports

Overview

overview

Static

static

gkm4040_build1.exe

windows7_x64

gkm4040_build1.exe

windows10_x64

Sharing

General

Target

gkm4040_build1.exe
Size

3.1MB
Sample

211210-1g27raaac8
MD5

9eb02a3725f098731cd981fcd3afbf0c
SHA1

af1a508a4842d7a6c267df916a9ec0bbdc77f657
SHA256

623c98766f8086e86c41f9f06e73e338b6ffb28aa315fe737451598f3f1172e8
SHA512

7bb93bf39e60f5acb2b84a05704a9737880dca9377137d4c9d0e7360f7af70ac0251c31f17ee6ab30f7f75bea978ce2a6823cccbe53f4f7c5f8f191b197f4ffb

Score

10^/10

redline evasion infostealer persistence rat stealer telegram trojan

Static task

static1

Behavioral task

behavioral1

Sample

gkm4040_build1.exe

Resource

win7-en-20211208

redline evasion infostealer persistence rat stealer telegram trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

gkm4040_build1.exe

Resource

win10-en-20211208

redline evasion infostealer persistence rat stealer telegram trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  gkm4040_build1.exe
- Size
  
  3.1MB
- MD5
  
  9eb02a3725f098731cd981fcd3afbf0c
- SHA1
  
  af1a508a4842d7a6c267df916a9ec0bbdc77f657
- SHA256
  
  623c98766f8086e86c41f9f06e73e338b6ffb28aa315fe737451598f3f1172e8
- SHA512
  
  7bb93bf39e60f5acb2b84a05704a9737880dca9377137d4c9d0e7360f7af70ac0251c31f17ee6ab30f7f75bea978ce2a6823cccbe53f4f7c5f8f191b197f4ffb
Score

10^/10

redline evasion infostealer persistence rat stealer telegram trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- TelegramRat
  Telegram_rat.
  telegram rat
- evasion
  evasion.
  evasion
- rl_trojan
  redline stealer.
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineevasioninfostealerpersistenceratstealertelegramtrojan

behavioral2

redlineevasioninfostealerpersistenceratstealertelegramtrojan

© 2018-2024

Terms | Privacy