Overview

overview

10

Static

static

3

4f6727e86a...94.exe

windows7-x64

10

4f6727e86a...94.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4f6727e86addd48855bb2cf5a392a2349a512d4d7daaa79747a152d02e967a94

  • Size

    480KB

  • Sample

    230506-1qnqqabe7t

  • MD5

    18429e1455814d91116c6823d52994fc

  • SHA1

    2401319267ab2856d0bf5b58f8c5cbe39636e7e3

  • SHA256

    4f6727e86addd48855bb2cf5a392a2349a512d4d7daaa79747a152d02e967a94

  • SHA512

    8a7ee7588a3a1eb90cf43bdbf232dab1acce7d8692c261cceb2333d336862fcb3bad794b4ff6e6b31bce81292dd44c42441e598489c22349555fb3b258bed064

  • SSDEEP

    12288:5Mrny907BKE1n8uxNbszrrOzjdN0PdvWDMrimi:eycBPV8uxNAz+ox+ki

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      4f6727e86addd48855bb2cf5a392a2349a512d4d7daaa79747a152d02e967a94

    • Size

      480KB

    • MD5

      18429e1455814d91116c6823d52994fc

    • SHA1

      2401319267ab2856d0bf5b58f8c5cbe39636e7e3

    • SHA256

      4f6727e86addd48855bb2cf5a392a2349a512d4d7daaa79747a152d02e967a94

    • SHA512

      8a7ee7588a3a1eb90cf43bdbf232dab1acce7d8692c261cceb2333d336862fcb3bad794b4ff6e6b31bce81292dd44c42441e598489c22349555fb3b258bed064

    • SSDEEP

      12288:5Mrny907BKE1n8uxNbszrrOzjdN0PdvWDMrimi:eycBPV8uxNAz+ox+ki

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks