redline | e25f301195cfb929ff5cee7af3db3dd5821691c33a2d3dd070d707aad172b31e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e25f301195cfb929ff5cee7af3db3dd5821691c33a2d3dd070d707aad172b31e.bin
Size

656KB
Sample

230501-xhmlxafh6s
MD5

1b17406c3740b948677fbf300353e028
SHA1

7b09c969443928b2ac0fcc6a95b52b8f4203567e
SHA256

e25f301195cfb929ff5cee7af3db3dd5821691c33a2d3dd070d707aad172b31e
SHA512

afac493add16d72e86605e870833eba8173a2786e3b8cb98b33d0b7ae8d798ca7894dde6ec0ae51edd16749c0d957f4b3106709ac96e29363584251bb4de92bf
SSDEEP

12288:ny90EJpOnTOtJ6sfse5afv1sNSOdvnWhXgHp:nyBJ6TOtJZfse5afY9vncwHp

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  e25f301195cfb929ff5cee7af3db3dd5821691c33a2d3dd070d707aad172b31e.bin
- Size
  
  656KB
- MD5
  
  1b17406c3740b948677fbf300353e028
- SHA1
  
  7b09c969443928b2ac0fcc6a95b52b8f4203567e
- SHA256
  
  e25f301195cfb929ff5cee7af3db3dd5821691c33a2d3dd070d707aad172b31e
- SHA512
  
  afac493add16d72e86605e870833eba8173a2786e3b8cb98b33d0b7ae8d798ca7894dde6ec0ae51edd16749c0d957f4b3106709ac96e29363584251bb4de92bf
- SSDEEP
  
  12288:ny90EJpOnTOtJ6sfse5afv1sNSOdvnWhXgHp:nyBJ6TOtJZfse5afY9vncwHp
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan