Overview

overview

10

Static

static

3

f63470d591...44.exe

windows7-x64

10

f63470d591...44.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f63470d591ecb9907f17f81729a864d2e5724d0fc6fa140c7dc230c573f00644.bin

  • Size

    611KB

  • Sample

    230505-za16fafe2s

  • MD5

    dd140c5dd79f4211320d7e6b751aa7c1

  • SHA1

    f43ecb8a93fc938f5e8d9e4fcf9f4dfd85fed9c4

  • SHA256

    f63470d591ecb9907f17f81729a864d2e5724d0fc6fa140c7dc230c573f00644

  • SHA512

    42cff07187801f2c5b7645ef9a9df479ab38f0a3eccb8c4ae28423c58a833207c8754043cd4375cc698a4a57f7679f45c8e93e7dae490efb62991d426a62249d

  • SSDEEP

    12288:My907bAO94Pmm5+WiAzk9XfS9NhCrVFmnZgW:Myg9o99k9XfjmnZgW

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      f63470d591ecb9907f17f81729a864d2e5724d0fc6fa140c7dc230c573f00644.bin

    • Size

      611KB

    • MD5

      dd140c5dd79f4211320d7e6b751aa7c1

    • SHA1

      f43ecb8a93fc938f5e8d9e4fcf9f4dfd85fed9c4

    • SHA256

      f63470d591ecb9907f17f81729a864d2e5724d0fc6fa140c7dc230c573f00644

    • SHA512

      42cff07187801f2c5b7645ef9a9df479ab38f0a3eccb8c4ae28423c58a833207c8754043cd4375cc698a4a57f7679f45c8e93e7dae490efb62991d426a62249d

    • SSDEEP

      12288:My907bAO94Pmm5+WiAzk9XfS9NhCrVFmnZgW:Myg9o99k9XfjmnZgW

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks