redline

General

Target

60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39.bin
Size

691KB
Sample

230506-13lrwsch8y
MD5

7c3275409a3c421c4c64c84557d0369e
SHA1

040731069fd061021fd8b3a0cb0531eed1824492
SHA256

60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39
SHA512

0e12ae1e1c7c8a3bd040ab215d6a4129898b8a356981a68e808bed17ad101c821bba6fcc5a1295d2b89a2fde2282542b633f062ea309b578268d24a47da0ab80
SSDEEP

12288:Dy90PWUJi5+BLKRv4AdCYcmrIlzyesue2Q7wVgANBZSSr4b5PKq:DyQWZyk4XtJyxt2iANeSkb5Pd

Score

10^/10

Malware Config

Targets

- Target
  
  60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39.bin
- Size
  
  691KB
- MD5
  
  7c3275409a3c421c4c64c84557d0369e
- SHA1
  
  040731069fd061021fd8b3a0cb0531eed1824492
- SHA256
  
  60030ecc6b5fd606c7f00bdbceb76de28a8f554e6ab1836fc3f58d86d7ad8b39
- SHA512
  
  0e12ae1e1c7c8a3bd040ab215d6a4129898b8a356981a68e808bed17ad101c821bba6fcc5a1295d2b89a2fde2282542b633f062ea309b578268d24a47da0ab80
- SSDEEP
  
  12288:Dy90PWUJi5+BLKRv4AdCYcmrIlzyesue2Q7wVgANBZSSr4b5PKq:DyQWZyk4XtJyxt2iANeSkb5Pd
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Redline Stealer samples

Modifies Windows Defender Real-time Protection settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2