Overview

overview

10

Static

static

3

b62f90cdc7...5f.exe

windows7-x64

10

b62f90cdc7...5f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b62f90cdc727bed1e3afceaf6e94444fed3dbab33a52ac67a15ca26ee598265f.bin

  • Size

    611KB

  • Sample

    230505-xtvrnaac9y

  • MD5

    f2039ac7d2fb05b3f27506af523c844f

  • SHA1

    c857bf916b880a37b3b13b5027e4fca6adc1c2b5

  • SHA256

    b62f90cdc727bed1e3afceaf6e94444fed3dbab33a52ac67a15ca26ee598265f

  • SHA512

    abe0580ec3052f5067cd08f6d6aa312ac661e1cb4a253c2cedd833365e65f8ce452232a59c8f9c91de1505ec87d7c0eec901aed182434b03356202cd89b35452

  • SSDEEP

    12288:hy90NXm/XeqlVXEXkJjH9GwqgSaoIiUs3eIBor:hyF/HlVXi8jdEa5i9BG

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      b62f90cdc727bed1e3afceaf6e94444fed3dbab33a52ac67a15ca26ee598265f.bin

    • Size

      611KB

    • MD5

      f2039ac7d2fb05b3f27506af523c844f

    • SHA1

      c857bf916b880a37b3b13b5027e4fca6adc1c2b5

    • SHA256

      b62f90cdc727bed1e3afceaf6e94444fed3dbab33a52ac67a15ca26ee598265f

    • SHA512

      abe0580ec3052f5067cd08f6d6aa312ac661e1cb4a253c2cedd833365e65f8ce452232a59c8f9c91de1505ec87d7c0eec901aed182434b03356202cd89b35452

    • SSDEEP

      12288:hy90NXm/XeqlVXEXkJjH9GwqgSaoIiUs3eIBor:hyF/HlVXi8jdEa5i9BG

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks