redline | 6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3 | Triage

Submit
Reports

Overview

overview

Static

static

3

6bab6dbe15...c3.exe

windows7-x64

6bab6dbe15...c3.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3.bin
Size

1.0MB
Sample

230506-2a7z4aea3s
MD5

c333722d62bbbe0d425aa2e8b9a05395
SHA1

53ea22a49c00c7e49e2d15ab68df306a04e91133
SHA256

6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3
SHA512

cf8d5b384e94bb155085d834419d2ea65014df0ada86c56f7bb4e3c1f4c2a9d4014e56892c6012212e671cdf7c8760cd1c8c3cf2e34e0dd0e0cb64e2b61ddcf1
SSDEEP

24576:FCAYkSvuevX2o0Kjm4BNQyv39+v19w6NpkH+RQ0R4owkPiyFG7HEK:BStvX2ozjm4HFv3M0ckH+RocjFG

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3.bin
- Size
  
  1.0MB
- MD5
  
  c333722d62bbbe0d425aa2e8b9a05395
- SHA1
  
  53ea22a49c00c7e49e2d15ab68df306a04e91133
- SHA256
  
  6bab6dbe15bef6d22aae59a047a81e514e3cfa050654f601d772c585811b74c3
- SHA512
  
  cf8d5b384e94bb155085d834419d2ea65014df0ada86c56f7bb4e3c1f4c2a9d4014e56892c6012212e671cdf7c8760cd1c8c3cf2e34e0dd0e0cb64e2b61ddcf1
- SSDEEP
  
  24576:FCAYkSvuevX2o0Kjm4BNQyv39+v19w6NpkH+RQ0R4owkPiyFG7HEK:BStvX2ozjm4HFv3M0ckH+RocjFG
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy