redline | 524efa1755ea4a0943a65c9ab219615a42ddcd98db30881cc711f43141a1f637 | Triage

Sharing

General

Target

524efa1755ea4a0943a65c9ab219615a42ddcd98db30881cc711f43141a1f637.bin
Size

563KB
Sample

230506-1syzgahh65
MD5

0df69b84cf491c9dd1ad5fa1252359e8
SHA1

907666573a5c8cde25bf66bd63069474f8adf2de
SHA256

524efa1755ea4a0943a65c9ab219615a42ddcd98db30881cc711f43141a1f637
SHA512

d9573e5a080b6956b12bd2570466a2b483e12a775339ce33efdf754feeb2d3e7415b0b88bff5aae72dd6c4e37137e6e1bb83620a8724f96badf3038ccfe57de9
SSDEEP

12288:0y90gokXwihVMxruS0ojPI27kwVkgTl1j9t:0yBYiIBnjAPwagZ1jD

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  524efa1755ea4a0943a65c9ab219615a42ddcd98db30881cc711f43141a1f637.bin
- Size
  
  563KB
- MD5
  
  0df69b84cf491c9dd1ad5fa1252359e8
- SHA1
  
  907666573a5c8cde25bf66bd63069474f8adf2de
- SHA256
  
  524efa1755ea4a0943a65c9ab219615a42ddcd98db30881cc711f43141a1f637
- SHA512
  
  d9573e5a080b6956b12bd2570466a2b483e12a775339ce33efdf754feeb2d3e7415b0b88bff5aae72dd6c4e37137e6e1bb83620a8724f96badf3038ccfe57de9
- SSDEEP
  
  12288:0y90gokXwihVMxruS0ojPI27kwVkgTl1j9t:0yBYiIBnjAPwagZ1jD
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan