Overview

overview

10

Static

static

3

cfeff4fe53...14.exe

windows7-x64

10

cfeff4fe53...14.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfeff4fe53ff4039d80fb5634dac7b05b47f5ad392d55f65a120ca2c7840c014.bin

  • Size

    695KB

  • Sample

    230501-w5nbaada66

  • MD5

    f49925eba849ae10335e1ad82a146443

  • SHA1

    39f49189238a06cae9688fcfbc1c819dc0a43f0d

  • SHA256

    cfeff4fe53ff4039d80fb5634dac7b05b47f5ad392d55f65a120ca2c7840c014

  • SHA512

    6680d14c9bea520602452a35fd299d863662ba34867f79737c77125730dbd5ead929dc92315387d3a753c9a76551762db70d0875044100ec78a69561f8cff3be

  • SSDEEP

    12288:Wy90gGXgXFWLRtN9WHFgNjqZ6cTiZLXVNE7O/3Fj7:Wyf1WLPNWZ4hNE7O/Fj7

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      cfeff4fe53ff4039d80fb5634dac7b05b47f5ad392d55f65a120ca2c7840c014.bin

    • Size

      695KB

    • MD5

      f49925eba849ae10335e1ad82a146443

    • SHA1

      39f49189238a06cae9688fcfbc1c819dc0a43f0d

    • SHA256

      cfeff4fe53ff4039d80fb5634dac7b05b47f5ad392d55f65a120ca2c7840c014

    • SHA512

      6680d14c9bea520602452a35fd299d863662ba34867f79737c77125730dbd5ead929dc92315387d3a753c9a76551762db70d0875044100ec78a69561f8cff3be

    • SSDEEP

      12288:Wy90gGXgXFWLRtN9WHFgNjqZ6cTiZLXVNE7O/3Fj7:Wyf1WLPNWZ4hNE7O/Fj7

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks