Overview

overview

10

Static

static

3

0d7f1e7de2...b8.exe

windows7-x64

10

0d7f1e7de2...b8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0010a1a466b6912599e9dbfb9b0f2b1.bin.bin

  • Size

    522KB

  • Sample

    230505-xpwhdshh3t

  • MD5

    21d90e28ee30e58fe9d1080b4e15e8a5

  • SHA1

    21eec3aca33d941e5c25af0dcdfeae6be61b230b

  • SHA256

    5e11e58263ebc667d235321c29d01c9db50e55cbaa9c6b78fb22de41e5abb3a1

  • SHA512

    796af35f61402463d7fd03e6c8ece853de4c2e25205bb7465906e405847cb327d28eb08954a8e156cf2060733c89cafdeb2a9e7af266e03d6c5cc3ca6a43182c

  • SSDEEP

    12288:gdOQ8i7n58w9xvFfUXV74WStEiMwEOCRiMSIVrtD:gAi7n5L9xv6XVsztPM3/iHIVN

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      0d7f1e7de2ae297dbd26cecd040402904baa81c1ea04695ee79c3b10a75e66b8.exe

    • Size

      566KB

    • MD5

      b0010a1a466b6912599e9dbfb9b0f2b1

    • SHA1

      992a31e660ca6c51290a20924328f650d1633011

    • SHA256

      0d7f1e7de2ae297dbd26cecd040402904baa81c1ea04695ee79c3b10a75e66b8

    • SHA512

      14d7c4f48ef015eaa5e99c8581d99e1c5773781a92289c2ce43a305ce538b58933de8da9cca01255b3a74427fbb91776a721ceb90552f6b8843203d7d999c1b2

    • SSDEEP

      12288:jy90BhqdRBkZ71iu7CVoJkL07+QsKS+yw/lBJasjt6YNN:jyMhERBkZ71bO2JU4+tKS+ywXJaU7j

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks