redline | 5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e | Triage

Submit
Reports

Overview

overview

Static

static

3

5850739931...0e.exe

windows7-x64

5850739931...0e.exe

windows10-2004-x64

Sharing

General

Target

5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e
Size

1.3MB
Sample

230506-1xxl7sad93
MD5

24cca2a9f98862f05d8ec923d854eb41
SHA1

81df5fb2dfbaf33eeb4c18d6c73bbf531c3434fd
SHA256

5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e
SHA512

79a7c41d16282a2ad9518b00ea15cc01c6aec40a727fa0154f221ce76783a72bbefd355b655f384d24591b253173284d46994d376c9fc51b549ec82461cdb96b
SSDEEP

24576:cy5jD+g4kFvov3p8KuYWCI6T/vVoFLjnFjXp8Q8V:L1D4wc8G15TXVULj958r

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e
- Size
  
  1.3MB
- MD5
  
  24cca2a9f98862f05d8ec923d854eb41
- SHA1
  
  81df5fb2dfbaf33eeb4c18d6c73bbf531c3434fd
- SHA256
  
  5850739931e664a83db3cccc00f089af6373d0c9eac044a5af880f9a0d3d370e
- SHA512
  
  79a7c41d16282a2ad9518b00ea15cc01c6aec40a727fa0154f221ce76783a72bbefd355b655f384d24591b253173284d46994d376c9fc51b549ec82461cdb96b
- SSDEEP
  
  24576:cy5jD+g4kFvov3p8KuYWCI6T/vVoFLjnFjXp8Q8V:L1D4wc8G15TXVULj958r
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2024

Terms | Privacy