Overview

overview

10

Static

static

3

cfab7da011...4a.exe

windows7-x64

10

cfab7da011...4a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfab7da011e6166e23da82d55f36cfd45133c378c508d6eb3a6cce7666c3a14a.bin

  • Size

    674KB

  • Sample

    230505-ye3dmacc7z

  • MD5

    dcdf391cb2d4488e55439d1d99062505

  • SHA1

    3c1cb12476bd0ddf1ffb79f252f75228b5038cfd

  • SHA256

    cfab7da011e6166e23da82d55f36cfd45133c378c508d6eb3a6cce7666c3a14a

  • SHA512

    a028c1edbca78bb569ba2b4e00737a70b8ab82f81c43f963506cc151e9bef4fe258a830410d2a7a33a82d06010b3823a49612908830b2ec9c3b100c1f29cd340

  • SSDEEP

    12288:zy90vjJjbCfetJ3Pck0gULPHkKoNcC90wkwSAQ7W:zygBftJ3Pch/7HkKDwSNa

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      cfab7da011e6166e23da82d55f36cfd45133c378c508d6eb3a6cce7666c3a14a.bin

    • Size

      674KB

    • MD5

      dcdf391cb2d4488e55439d1d99062505

    • SHA1

      3c1cb12476bd0ddf1ffb79f252f75228b5038cfd

    • SHA256

      cfab7da011e6166e23da82d55f36cfd45133c378c508d6eb3a6cce7666c3a14a

    • SHA512

      a028c1edbca78bb569ba2b4e00737a70b8ab82f81c43f963506cc151e9bef4fe258a830410d2a7a33a82d06010b3823a49612908830b2ec9c3b100c1f29cd340

    • SSDEEP

      12288:zy90vjJjbCfetJ3Pck0gULPHkKoNcC90wkwSAQ7W:zygBftJ3Pch/7HkKDwSNa

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks