redline | 54c625cb5cf2f413567f44dd52422943dfa393a4382968db8ad6b3a1b10a196d | Triage

Sharing

General

Target

54c625cb5cf2f413567f44dd52422943dfa393a4382968db8ad6b3a1b10a196d.bin
Size

611KB
Sample

230506-1vskgaab66
MD5

23b1984db98a385a8c939eac3dcd4263
SHA1

e8959f2ea8e53906570342ba32dfd44bb341adaf
SHA256

54c625cb5cf2f413567f44dd52422943dfa393a4382968db8ad6b3a1b10a196d
SHA512

c78373737b148b249c19d8efd4d9c82a5e854939f37b3a7291851853bd0a56fb9a57b01c2342bc703df43c316a770bfe7c4b468a02ad1d446c44fc7c3ded60fa
SSDEEP

12288:7y90UhD9XfR5E4YuEDFj22qXfS/NhUJCB7a074U:7yBd9vR5QuEDFj22qXfeB7/4U

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  54c625cb5cf2f413567f44dd52422943dfa393a4382968db8ad6b3a1b10a196d.bin
- Size
  
  611KB
- MD5
  
  23b1984db98a385a8c939eac3dcd4263
- SHA1
  
  e8959f2ea8e53906570342ba32dfd44bb341adaf
- SHA256
  
  54c625cb5cf2f413567f44dd52422943dfa393a4382968db8ad6b3a1b10a196d
- SHA512
  
  c78373737b148b249c19d8efd4d9c82a5e854939f37b3a7291851853bd0a56fb9a57b01c2342bc703df43c316a770bfe7c4b468a02ad1d446c44fc7c3ded60fa
- SSDEEP
  
  12288:7y90UhD9XfR5E4YuEDFj22qXfS/NhUJCB7a074U:7yBd9vR5QuEDFj22qXfeB7/4U
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan