redline | 5ca05e8d0eadd15d3693d0eb81fdf62314f79f8ada30c9af1b92fe980a752c22 | Triage

Sharing

General

Target

5ca05e8d0eadd15d3693d0eb81fdf62314f79f8ada30c9af1b92fe980a752c22.bin
Size

1.0MB
Sample

230506-11krtaah34
MD5

b7771aca6b9f38cfea62801a65303aed
SHA1

bc85b5dace57567aa09540fb0b9d8a8656866374
SHA256

5ca05e8d0eadd15d3693d0eb81fdf62314f79f8ada30c9af1b92fe980a752c22
SHA512

59b39352d26498bda447080bfe02b7044619cc452c2f56ad4cf1c74157ffeca719d5e79feab06b98e5e55c7cb83f4b430c7fa0151faae232485a17cfd02b6733
SSDEEP

24576:PySQlUFiTCSoiuLB49P4VKuwFv2QJjr8pO7v:awFinh9QVBgvv98p

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  5ca05e8d0eadd15d3693d0eb81fdf62314f79f8ada30c9af1b92fe980a752c22.bin
- Size
  
  1.0MB
- MD5
  
  b7771aca6b9f38cfea62801a65303aed
- SHA1
  
  bc85b5dace57567aa09540fb0b9d8a8656866374
- SHA256
  
  5ca05e8d0eadd15d3693d0eb81fdf62314f79f8ada30c9af1b92fe980a752c22
- SHA512
  
  59b39352d26498bda447080bfe02b7044619cc452c2f56ad4cf1c74157ffeca719d5e79feab06b98e5e55c7cb83f4b430c7fa0151faae232485a17cfd02b6733
- SSDEEP
  
  24576:PySQlUFiTCSoiuLB49P4VKuwFv2QJjr8pO7v:awFinh9QVBgvv98p
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan