redline | 441ebd57793c243ceece5cb24184a8ac73d4b027abc9929cdc795a2f3ae90795 | Triage

Sharing

General

Target

441ebd57793c243ceece5cb24184a8ac73d4b027abc9929cdc795a2f3ae90795.bin
Size

1.2MB
Sample

230506-1gagqsaf3y
MD5

23eb74f7cd7d4098f26bb1343b4a26ca
SHA1

63b2132a26fbf8a955cedc2960cb79d6a704c25a
SHA256

441ebd57793c243ceece5cb24184a8ac73d4b027abc9929cdc795a2f3ae90795
SHA512

a11744e1a2fd8ae7c0b5ad4efa087a915ecdfef80cc7309faa0ad5c5b7b6c437bce3d441c4d3b3f3676690ee81d87730b25b0d1bd02ed4c07dbee0954c466da8
SSDEEP

24576:BGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:BGMOKSUDNGQp9qKqFR4JUcDLqNp/b

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  441ebd57793c243ceece5cb24184a8ac73d4b027abc9929cdc795a2f3ae90795.bin
- Size
  
  1.2MB
- MD5
  
  23eb74f7cd7d4098f26bb1343b4a26ca
- SHA1
  
  63b2132a26fbf8a955cedc2960cb79d6a704c25a
- SHA256
  
  441ebd57793c243ceece5cb24184a8ac73d4b027abc9929cdc795a2f3ae90795
- SHA512
  
  a11744e1a2fd8ae7c0b5ad4efa087a915ecdfef80cc7309faa0ad5c5b7b6c437bce3d441c4d3b3f3676690ee81d87730b25b0d1bd02ed4c07dbee0954c466da8
- SSDEEP
  
  24576:BGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:BGMOKSUDNGQp9qKqFR4JUcDLqNp/b
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan