redline | 59c6d42fd136febd0caa33659e78bbb3257c5f8c7e049859d22f42f721b4a167 | Triage

Sharing

General

Target

59c6d42fd136febd0caa33659e78bbb3257c5f8c7e049859d22f42f721b4a167
Size

479KB
Sample

230506-1ytxpscd8v
MD5

2fde26f710df3a0a68c74d918ca996fc
SHA1

3d332867439b0a86880e13373de20f77081eb224
SHA256

59c6d42fd136febd0caa33659e78bbb3257c5f8c7e049859d22f42f721b4a167
SHA512

b6e9100341c1f046efb0552770b9cbf5ec7cc59982ff664d6c3b75f362ac4bb2adb1f04c55764a48ce1870c5c857a74a382e182a1e5f4aa57f27af1d932a99a0
SSDEEP

6144:KNy+bnr+Wp0yN90QErbSyfn6jkzdtoOBZ/44zkiY7nJ4gwQQ4fY9:jMrOy90RbSS643j74+ZBQQ4f2

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  59c6d42fd136febd0caa33659e78bbb3257c5f8c7e049859d22f42f721b4a167
- Size
  
  479KB
- MD5
  
  2fde26f710df3a0a68c74d918ca996fc
- SHA1
  
  3d332867439b0a86880e13373de20f77081eb224
- SHA256
  
  59c6d42fd136febd0caa33659e78bbb3257c5f8c7e049859d22f42f721b4a167
- SHA512
  
  b6e9100341c1f046efb0552770b9cbf5ec7cc59982ff664d6c3b75f362ac4bb2adb1f04c55764a48ce1870c5c857a74a382e182a1e5f4aa57f27af1d932a99a0
- SSDEEP
  
  6144:KNy+bnr+Wp0yN90QErbSyfn6jkzdtoOBZ/44zkiY7nJ4gwQQ4fY9:jMrOy90RbSS643j74+ZBQQ4f2
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer