redline | f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818 | Triage

Submit
Reports

Overview

overview

Static

static

3

f80fad90bb...18.exe

windows7-x64

f80fad90bb...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818.bin
Size

1.2MB
Sample

230505-zbyrpsff2t
MD5

4010807d09a46551ac4ead835e4409b1
SHA1

df571d4b61e42bbf950bdfe47f7e67961b57895a
SHA256

f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818
SHA512

7677c12fa18e2467b4b44255fbc641117fe3c26c23b5d86a61d4f8be1ac8700ca953d8aae4be384d6ae9a4e51c8df9e0d6672d2aa5d1e6f351d4675040c1a2b2
SSDEEP

24576:pj3DX6L44JAoqyf2Bh1F/tSs8mL2U7wucjiw017bw1xq9poyMmem:pj76L+oqyf2Bl/ksdr754iw017bmw

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818.bin
- Size
  
  1.2MB
- MD5
  
  4010807d09a46551ac4ead835e4409b1
- SHA1
  
  df571d4b61e42bbf950bdfe47f7e67961b57895a
- SHA256
  
  f80fad90bbc84b438961d9a5ee7276dc9ca292cf0bd1da2c92a38a41206c0818
- SHA512
  
  7677c12fa18e2467b4b44255fbc641117fe3c26c23b5d86a61d4f8be1ac8700ca953d8aae4be384d6ae9a4e51c8df9e0d6672d2aa5d1e6f351d4675040c1a2b2
- SSDEEP
  
  24576:pj3DX6L44JAoqyf2Bh1F/tSs8mL2U7wucjiw017bw1xq9poyMmem:pj76L+oqyf2Bl/ksdr754iw017bmw
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy