redline | 65a28c4089c1af47a25b8e8ef721f7881fe448e1708f95c90bc2595126d5b539 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65a28c4089c1af47a25b8e8ef721f7881fe448e1708f95c90bc2595126d5b539
Size

376KB
Sample

230506-17d8lsbf82
MD5

aa84a20361c5e1c3fd6439aaf25f03eb
SHA1

e7218a3d304552000cea8d79fcae61a1a2507afa
SHA256

65a28c4089c1af47a25b8e8ef721f7881fe448e1708f95c90bc2595126d5b539
SHA512

a3dc4df28e68bb11456b60f2e89895b2ad3df0f03f2ebf3cd93592a5bdb81622e04d0d3ff6d4c9a3f514790f07b43d58ac357442bf9f0287bc6279ea9d5b7ebe
SSDEEP

6144:Kvy+bnr+1p0yN90QEgmseQM/NdJxpkStpvj20RiIZPB0:xMrly90qmsLMPJxXtpr2wiePW

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  65a28c4089c1af47a25b8e8ef721f7881fe448e1708f95c90bc2595126d5b539
- Size
  
  376KB
- MD5
  
  aa84a20361c5e1c3fd6439aaf25f03eb
- SHA1
  
  e7218a3d304552000cea8d79fcae61a1a2507afa
- SHA256
  
  65a28c4089c1af47a25b8e8ef721f7881fe448e1708f95c90bc2595126d5b539
- SHA512
  
  a3dc4df28e68bb11456b60f2e89895b2ad3df0f03f2ebf3cd93592a5bdb81622e04d0d3ff6d4c9a3f514790f07b43d58ac357442bf9f0287bc6279ea9d5b7ebe
- SSDEEP
  
  6144:Kvy+bnr+1p0yN90QEgmseQM/NdJxpkStpvj20RiIZPB0:xMrly90qmsLMPJxXtpr2wiePW
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer