Overview

overview

10

Static

static

3

f49ba6be4b...ad.exe

windows7-x64

7

f49ba6be4b...ad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f49ba6be4b055ba49ddb34e5d81cf68e148271139cd9d3f77cf805c2becb46ad.bin

  • Size

    690KB

  • Sample

    230501-x1m1dsha9x

  • MD5

    129b1d53bfe879e6241711a930941226

  • SHA1

    6c0a449fe94863cf16eed458eddc65e3de52ebbe

  • SHA256

    f49ba6be4b055ba49ddb34e5d81cf68e148271139cd9d3f77cf805c2becb46ad

  • SHA512

    9254ac3fdb920715fa4f5fc8363ee1fb80515282bdbae57fc080856c86ed32b82fecfcdac07912dfa130bf7419bf139ffaf0ab3136e251fbdecfc8d366a2ca93

  • SSDEEP

    12288:Vy90Nd8E/W8ocSPKPgW/DMqtQ+v0YET2XmDGc9rj4/tQV:VyCZ6uIKQge2XSr9+tQV

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      f49ba6be4b055ba49ddb34e5d81cf68e148271139cd9d3f77cf805c2becb46ad.bin

    • Size

      690KB

    • MD5

      129b1d53bfe879e6241711a930941226

    • SHA1

      6c0a449fe94863cf16eed458eddc65e3de52ebbe

    • SHA256

      f49ba6be4b055ba49ddb34e5d81cf68e148271139cd9d3f77cf805c2becb46ad

    • SHA512

      9254ac3fdb920715fa4f5fc8363ee1fb80515282bdbae57fc080856c86ed32b82fecfcdac07912dfa130bf7419bf139ffaf0ab3136e251fbdecfc8d366a2ca93

    • SSDEEP

      12288:Vy90Nd8E/W8ocSPKPgW/DMqtQ+v0YET2XmDGc9rj4/tQV:VyCZ6uIKQge2XSr9+tQV

    Score
    10/10
    persistenceredlineevasioninfostealerstealertrojan

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks