Overview

overview

10

Static

static

3

46c5f9212c...d8.exe

windows7-x64

10

46c5f9212c...d8.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    46c5f9212c02daee60a01060d8646165f7c37f11537f2c7922c0a0dd1d6727d8.bin

  • Size

    563KB

  • Sample

    230506-1h6xbsag9w

  • MD5

    f2f2496cc0286c2f7bf95c7a9e040599

  • SHA1

    90814cb1dae6027a62979a6d6e4d2e41e14baa3f

  • SHA256

    46c5f9212c02daee60a01060d8646165f7c37f11537f2c7922c0a0dd1d6727d8

  • SHA512

    60f349ba20ef96f880eb89cb37413a6ec77f8078d3aaa4a8ef9411bfff8a8d0d13537dd0fe9cabd8764611a1363a09f1bb76cf98423809e8edfb07a367d45e57

  • SSDEEP

    12288:Zy906kYcDIyUUxTXnnoCmIV70kGtGrF4c:ZyRkYML3oCbu7+ec

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      46c5f9212c02daee60a01060d8646165f7c37f11537f2c7922c0a0dd1d6727d8.bin

    • Size

      563KB

    • MD5

      f2f2496cc0286c2f7bf95c7a9e040599

    • SHA1

      90814cb1dae6027a62979a6d6e4d2e41e14baa3f

    • SHA256

      46c5f9212c02daee60a01060d8646165f7c37f11537f2c7922c0a0dd1d6727d8

    • SHA512

      60f349ba20ef96f880eb89cb37413a6ec77f8078d3aaa4a8ef9411bfff8a8d0d13537dd0fe9cabd8764611a1363a09f1bb76cf98423809e8edfb07a367d45e57

    • SSDEEP

      12288:Zy906kYcDIyUUxTXnnoCmIV70kGtGrF4c:ZyRkYML3oCbu7+ec

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks