redline | 6ee58be9c45d2dde9b0ed9cf3839a3b2b42b98aaac5b6f0b1d959102abea6143 | Triage

Sharing

General

Target

6ee58be9c45d2dde9b0ed9cf3839a3b2b42b98aaac5b6f0b1d959102abea6143
Size

376KB
Sample

230506-2c7r4sce34
MD5

86ad5363b07a531e067e7e25de8649c3
SHA1

a06a63656ee4cac53bdb96b2c69290d14e78caa7
SHA256

6ee58be9c45d2dde9b0ed9cf3839a3b2b42b98aaac5b6f0b1d959102abea6143
SHA512

c79a94400167d9421e051a06f7270f9b8f019933aeab5953e6ced545c90140ba471ed1b53556b9d6ae13737f9d653d59d059dd02cda9748ce05b3a21a5143bae
SSDEEP

6144:Kcy+bnr+ip0yN90QEwjInOtgSjORlfqXWLdy2a0CRDAO8MHIaqIWn0UnZKL1Fp7T:0MrWy902j5tLZXMyIeD5Fen0UnM

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  6ee58be9c45d2dde9b0ed9cf3839a3b2b42b98aaac5b6f0b1d959102abea6143
- Size
  
  376KB
- MD5
  
  86ad5363b07a531e067e7e25de8649c3
- SHA1
  
  a06a63656ee4cac53bdb96b2c69290d14e78caa7
- SHA256
  
  6ee58be9c45d2dde9b0ed9cf3839a3b2b42b98aaac5b6f0b1d959102abea6143
- SHA512
  
  c79a94400167d9421e051a06f7270f9b8f019933aeab5953e6ced545c90140ba471ed1b53556b9d6ae13737f9d653d59d059dd02cda9748ce05b3a21a5143bae
- SSDEEP
  
  6144:Kcy+bnr+ip0yN90QEwjInOtgSjORlfqXWLdy2a0CRDAO8MHIaqIWn0UnZKL1Fp7T:0MrWy902j5tLZXMyIeD5Fen0UnM
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer