redline | ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816 | Triage

Submit
Reports

Overview

overview

Static

static

3

ebb68718c1...16.exe

windows7-x64

ebb68718c1...16.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816.bin
Size

1.1MB
Sample

230505-y4vebaef5w
MD5

b164ec49d1d25cc731c6d7b0553f8f1d
SHA1

f9497168662af242f5a3f0fe4b27d4186162b98c
SHA256

ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816
SHA512

d393659e6539d69778f7939fc0578b76e2ca3fb05eb34242609eeaad0edede4b51dce290b6a785d3f17b3a5e83c7f2356d0ea74ec58ad22894abe6392cc5376e
SSDEEP

24576:Wy1UhobGKA4Wgn0Az+O8dqSU5S4i/bOSRBFb6F3R8bIQj2R:lzGKJn3L8A5Sf/b55S3GcY2

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816.bin
- Size
  
  1.1MB
- MD5
  
  b164ec49d1d25cc731c6d7b0553f8f1d
- SHA1
  
  f9497168662af242f5a3f0fe4b27d4186162b98c
- SHA256
  
  ebb68718c16de9aee70ff3c6eb9b6ff756258d77270680a22dfbf74feee4b816
- SHA512
  
  d393659e6539d69778f7939fc0578b76e2ca3fb05eb34242609eeaad0edede4b51dce290b6a785d3f17b3a5e83c7f2356d0ea74ec58ad22894abe6392cc5376e
- SSDEEP
  
  24576:Wy1UhobGKA4Wgn0Az+O8dqSU5S4i/bOSRBFb6F3R8bIQj2R:lzGKJn3L8A5Sf/b55S3GcY2
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy