redline | f261bc8bcc49c8f8271e470cec54f67ce5d2151035834bc42890b38387d42a49 | Triage

Sharing

General

Target

f261bc8bcc49c8f8271e470cec54f67ce5d2151035834bc42890b38387d42a49.bin
Size

562KB
Sample

230505-y81f5afb9s
MD5

8bae4f05a63ccca91807d7e12eb48a31
SHA1

3b49957df7468492153073e2b9254fff39b7190e
SHA256

f261bc8bcc49c8f8271e470cec54f67ce5d2151035834bc42890b38387d42a49
SHA512

fa0db01270dfe278ee607c22f5cd93e7ed867e434b7a0dd9278742e9491fcd6b6a24138a8a5071ffcfd748896a97fa99226a8dd7a1652e57e44e0fc752b740c3
SSDEEP

12288:py9025yhrNmB8ODyDYD8egdjRIo7cpas01G:pyJNRSYD8e+jWj8s0g

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  f261bc8bcc49c8f8271e470cec54f67ce5d2151035834bc42890b38387d42a49.bin
- Size
  
  562KB
- MD5
  
  8bae4f05a63ccca91807d7e12eb48a31
- SHA1
  
  3b49957df7468492153073e2b9254fff39b7190e
- SHA256
  
  f261bc8bcc49c8f8271e470cec54f67ce5d2151035834bc42890b38387d42a49
- SHA512
  
  fa0db01270dfe278ee607c22f5cd93e7ed867e434b7a0dd9278742e9491fcd6b6a24138a8a5071ffcfd748896a97fa99226a8dd7a1652e57e44e0fc752b740c3
- SSDEEP
  
  12288:py9025yhrNmB8ODyDYD8egdjRIo7cpas01G:pyJNRSYD8e+jWj8s0g
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan