redline | ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ece1d8ae55...d1.exe

windows7-x64

ece1d8ae55...d1.exe

windows10-2004-x64

Sharing

General

Target

ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1.bin
Size

694KB
Sample

230505-y5ltkaeg4y
MD5

596c660def1a7e6df555c1966dc7bc89
SHA1

1a40868b4009ecc22041397333307979cf0384de
SHA256

ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1
SHA512

0d0e71d4f9d30ff263fcfd75e9b13355a808a28a9bae0b640ad48a159f0e7f73abcd16cbc1b82c27f0165124699e5771bd2dd9d4bf13cfde6ad2327a2a16ca8c
SSDEEP

12288:Wy90byBu1UQeU4ab+6BC8rgHRyKzbqLDZLS+WmjXrwQey59UZ0ysw5MJT7o+:Wy901QmK6wCYQKCsojbwQYPslo+

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1.bin
- Size
  
  694KB
- MD5
  
  596c660def1a7e6df555c1966dc7bc89
- SHA1
  
  1a40868b4009ecc22041397333307979cf0384de
- SHA256
  
  ece1d8ae55e1009cd2077b5ce974e67472b707a9d0dd53013c8521d64198cbd1
- SHA512
  
  0d0e71d4f9d30ff263fcfd75e9b13355a808a28a9bae0b640ad48a159f0e7f73abcd16cbc1b82c27f0165124699e5771bd2dd9d4bf13cfde6ad2327a2a16ca8c
- SSDEEP
  
  12288:Wy90byBu1UQeU4ab+6BC8rgHRyKzbqLDZLS+WmjXrwQey59UZ0ysw5MJT7o+:Wy901QmK6wCYQKCsojbwQYPslo+
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy