redline | fe1bda894766117e7d0eff6440e6b7877eea2e2a40aafe7eb78192df051f6b98 | Triage

Sharing

General

Target

fe1bda894766117e7d0eff6440e6b7877eea2e2a40aafe7eb78192df051f6b98.bin
Size

618KB
Sample

230501-ybcc2ahf6w
MD5

4297ee91095d298c8fd455310b4e2ffe
SHA1

f662635fa59059f1e86d89559f5317305ec6d447
SHA256

fe1bda894766117e7d0eff6440e6b7877eea2e2a40aafe7eb78192df051f6b98
SHA512

4251a5857bc7ad17a29ada1d0670323c93c35d195f5bfb4dc292e52e2fcdd2c93430b04603bdec43c4e51ff8f6aae93501bc407879310cd49fca1a0be9eaaa4c
SSDEEP

12288:6y90B+HW8QRnTd6230sFmc2nbgxdy2YWSJKQuQ7CDESkc3:6y+8QZA2bmp+A2Or7CDElc3

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  fe1bda894766117e7d0eff6440e6b7877eea2e2a40aafe7eb78192df051f6b98.bin
- Size
  
  618KB
- MD5
  
  4297ee91095d298c8fd455310b4e2ffe
- SHA1
  
  f662635fa59059f1e86d89559f5317305ec6d447
- SHA256
  
  fe1bda894766117e7d0eff6440e6b7877eea2e2a40aafe7eb78192df051f6b98
- SHA512
  
  4251a5857bc7ad17a29ada1d0670323c93c35d195f5bfb4dc292e52e2fcdd2c93430b04603bdec43c4e51ff8f6aae93501bc407879310cd49fca1a0be9eaaa4c
- SSDEEP
  
  12288:6y90B+HW8QRnTd6230sFmc2nbgxdy2YWSJKQuQ7CDESkc3:6y+8QZA2bmp+A2Or7CDElc3
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan