Overview

overview

10

Static

static

3

4e585e4e1a...67.exe

windows7-x64

10

4e585e4e1a...67.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4e585e4e1a4e3966855e083ae2dc9a046685ccb834ae34360e77b42c5b72b067

  • Size

    479KB

  • Sample

    230506-1pwd6she57

  • MD5

    23e63039c04589ffaf13d23591708a73

  • SHA1

    9bf4ca291b58837a1b33806a6e6802fa57a42d7b

  • SHA256

    4e585e4e1a4e3966855e083ae2dc9a046685ccb834ae34360e77b42c5b72b067

  • SHA512

    2bb471992a4d7716035ee350d990641f1ddf2c7145e542f32a950b4b7d8e47ecee283036d7ff91fbe5fb8711a00f71e5afffbcf6bea5b666b13950b073c9e280

  • SSDEEP

    12288:yMrby90Nx5EO8PQxI1m7Od6PjeikRzQcM/Q:ZycrEFoxI0O8a3QcJ

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      4e585e4e1a4e3966855e083ae2dc9a046685ccb834ae34360e77b42c5b72b067

    • Size

      479KB

    • MD5

      23e63039c04589ffaf13d23591708a73

    • SHA1

      9bf4ca291b58837a1b33806a6e6802fa57a42d7b

    • SHA256

      4e585e4e1a4e3966855e083ae2dc9a046685ccb834ae34360e77b42c5b72b067

    • SHA512

      2bb471992a4d7716035ee350d990641f1ddf2c7145e542f32a950b4b7d8e47ecee283036d7ff91fbe5fb8711a00f71e5afffbcf6bea5b666b13950b073c9e280

    • SSDEEP

      12288:yMrby90Nx5EO8PQxI1m7Od6PjeikRzQcM/Q:ZycrEFoxI0O8a3QcJ

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks