redline | 4695b22621f6d026e26866b16c81aebdc1b5ae3bb1b8f3afa87765f3faea0f62 | Triage

Sharing

General

Target

4695b22621f6d026e26866b16c81aebdc1b5ae3bb1b8f3afa87765f3faea0f62
Size

376KB
Sample

230506-1h285sgh53
MD5

f8c0ecdf8a6544431b1fbe2e16a18c66
SHA1

4ee46099b697e02e13a569a94e0983a3921243af
SHA256

4695b22621f6d026e26866b16c81aebdc1b5ae3bb1b8f3afa87765f3faea0f62
SHA512

35d190106869728c1f6e2f6b70a322da50ec7aa14e7ac3e972f44a814b073b02004556e8fdd533913aa10c9a13a316008eb29f078cc00448cde6d3790aa434af
SSDEEP

6144:K1y+bnr+Rp0yN90QExFNBqpijMh30q8Ql7SJWAOdYKh2FMcTDf9sU:bMrJy90r3opighRSAPaDb

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  4695b22621f6d026e26866b16c81aebdc1b5ae3bb1b8f3afa87765f3faea0f62
- Size
  
  376KB
- MD5
  
  f8c0ecdf8a6544431b1fbe2e16a18c66
- SHA1
  
  4ee46099b697e02e13a569a94e0983a3921243af
- SHA256
  
  4695b22621f6d026e26866b16c81aebdc1b5ae3bb1b8f3afa87765f3faea0f62
- SHA512
  
  35d190106869728c1f6e2f6b70a322da50ec7aa14e7ac3e972f44a814b073b02004556e8fdd533913aa10c9a13a316008eb29f078cc00448cde6d3790aa434af
- SSDEEP
  
  6144:K1y+bnr+Rp0yN90QExFNBqpijMh30q8Ql7SJWAOdYKh2FMcTDf9sU:bMrJy90r3opighRSAPaDb
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer