redline | dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c | Triage

Submit
Reports

Overview

overview

Static

static

3

dafb5223ce...9c.exe

windows7-x64

dafb5223ce...9c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c.bin
Size

690KB
Sample

230501-xctg9sdf76
MD5

14e72fd2872d9eb4f5e6438c130f11e6
SHA1

9fbc43ddb4ba6da8691893372a32afd2c9404bf7
SHA256

dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c
SHA512

e5331439e0e37086e8f64d40bf8d7fd6e7ff54f67c7b9ab33e7e5a4b907b7bae5c4a6a69ca02d99cd00ba57d2da119aae8e3cc61b2485144cfb6026a5bcd891e
SSDEEP

12288:vy90w5cFpttkwwD+btfBtkfRkmfq+rMa5nJ6YGBniNvmwGftIJHiGbG:vyJqFTtLwabtfBtGRfy+QcnYMNgM/bG

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c.bin
- Size
  
  690KB
- MD5
  
  14e72fd2872d9eb4f5e6438c130f11e6
- SHA1
  
  9fbc43ddb4ba6da8691893372a32afd2c9404bf7
- SHA256
  
  dafb5223ce4976c752500a24a99528cee3296ec3c115cb8655a5f9a920e0439c
- SHA512
  
  e5331439e0e37086e8f64d40bf8d7fd6e7ff54f67c7b9ab33e7e5a4b907b7bae5c4a6a69ca02d99cd00ba57d2da119aae8e3cc61b2485144cfb6026a5bcd891e
- SSDEEP
  
  12288:vy90w5cFpttkwwD+btfBtkfRkmfq+rMa5nJ6YGBniNvmwGftIJHiGbG:vyJqFTtLwabtfBtGRfy+QcnYMNgM/bG
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy