redline | 6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9 | Triage

Submit
Reports

Overview

overview

Static

static

3

6b594eb401...b9.exe

windows7-x64

6b594eb401...b9.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9.bin
Size

1.1MB
Sample

230506-2azzgscb83
MD5

e3365864b6a04a773e5d481be85847dc
SHA1

71dbabaad70bb8f79f5f4b9017037e1b237d96f1
SHA256

6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9
SHA512

6125ae1ed9b7ac78f17322a7f283d87d131f80f81b3139497b4cf70ac1fe1c21aa74a5b5f92fbadb4d71bf692d78867e7b991739cab368786d597bdbba2ed86c
SSDEEP

24576:9y0fuGm/PlyudTg19nLYv09CvtAhdsv0wxkyCRROaiT:Y0f5eFTgnL4IKAhWvpSykRO

Score

10^/10

redline evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9.exe

Resource

win7-20230220-en

evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9.exe

Resource

win10v2004-20230220-en

redline evasion infostealer persistence stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9.bin
- Size
  
  1.1MB
- MD5
  
  e3365864b6a04a773e5d481be85847dc
- SHA1
  
  71dbabaad70bb8f79f5f4b9017037e1b237d96f1
- SHA256
  
  6b594eb401f09b76fbeade3e6bcfa68910c1160b5a160ddb6ddf38ce8d3ea8b9
- SHA512
  
  6125ae1ed9b7ac78f17322a7f283d87d131f80f81b3139497b4cf70ac1fe1c21aa74a5b5f92fbadb4d71bf692d78867e7b991739cab368786d597bdbba2ed86c
- SSDEEP
  
  24576:9y0fuGm/PlyudTg19nLYv09CvtAhdsv0wxkyCRROaiT:Y0f5eFTgnL4IKAhWvpSykRO
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy