redline | ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393 | Triage

Submit
Reports

Overview

overview

Static

static

3

ea3182639c...93.exe

windows7-x64

ea3182639c...93.exe

windows10-2004-x64

Sharing

General

Target

ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393.bin
Size

1.1MB
Sample

230505-y261bsee4w
MD5

6b836fcea0e74b183f0db115f90a0634
SHA1

afa6e31da8b9fdb3cd8bce76edbbde124f232647
SHA256

ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393
SHA512

4819d0e9685b15761f354e3e68e1335df1d8f05e45390e1dd3746673e2d89bd9efb474cee7141de7463ee389da342cd36a12e08cafccbd84a43aa46b3cdf2aa5
SSDEEP

24576:NyWDdQ0DzRFYiRqgE1xRJ38aUdP3IgY4cbkxbZThH2:oWumzb7RunRFRUVHK0ThH

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393.bin
- Size
  
  1.1MB
- MD5
  
  6b836fcea0e74b183f0db115f90a0634
- SHA1
  
  afa6e31da8b9fdb3cd8bce76edbbde124f232647
- SHA256
  
  ea3182639c115994f8591d7551d1928beb5e087a84accb3b62df63ad53b3d393
- SHA512
  
  4819d0e9685b15761f354e3e68e1335df1d8f05e45390e1dd3746673e2d89bd9efb474cee7141de7463ee389da342cd36a12e08cafccbd84a43aa46b3cdf2aa5
- SSDEEP
  
  24576:NyWDdQ0DzRFYiRqgE1xRJ38aUdP3IgY4cbkxbZThH2:oWumzb7RunRFRUVHK0ThH
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy