redline | 43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8.bin
Size

618KB
Sample

230506-1f1brsae9s
MD5

b30e0a4785cec3b257c3a9612a1dbfd8
SHA1

59d57ccb332c15293935f06e4988a99155d87560
SHA256

43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8
SHA512

b34dd92e1cede2324cd605a2178af853ac67994944f0e0c86a11f200a2afdfa57b1300409ae780c0b869dd4059b24d23e11746ff33258f91a5e20187ae9bc17c
SSDEEP

12288:My90XcOTvSjqiiF0gufvR5ebrBimueRcclNPiYtn3hWREeMKJzk4:MymcEvSiF0g3WOrt0RLJI4

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8.bin
- Size
  
  618KB
- MD5
  
  b30e0a4785cec3b257c3a9612a1dbfd8
- SHA1
  
  59d57ccb332c15293935f06e4988a99155d87560
- SHA256
  
  43940d0d2dbd9ace847a8479fa905e8f09f1aee3946ad73bea873ced1dc6f9c8
- SHA512
  
  b34dd92e1cede2324cd605a2178af853ac67994944f0e0c86a11f200a2afdfa57b1300409ae780c0b869dd4059b24d23e11746ff33258f91a5e20187ae9bc17c
- SSDEEP
  
  12288:My90XcOTvSjqiiF0gufvR5ebrBimueRcclNPiYtn3hWREeMKJzk4:MymcEvSiF0g3WOrt0RLJI4
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan