redline | 012a6730d118d6ea8ffba3a4c8a95e77a139fcd53a8f61679eacd5bb833d87c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

012a6730d118d6ea8ffba3a4c8a95e77a139fcd53a8f61679eacd5bb833d87c8
Size

1.2MB
Sample

230506-2g7ynsch99
MD5

d389d013945bc1a5d741b60a923eab26
SHA1

1c554706ef98d2c1af5a0b29302038f6c3c2d754
SHA256

012a6730d118d6ea8ffba3a4c8a95e77a139fcd53a8f61679eacd5bb833d87c8
SHA512

acfe8920f92b064cf55d0176042f941a085b00e7d5b882dbeeb84fb4774b938e46adc0f6775e97d2e13ca67f249ade2820d697375338d4ac3779f55850958f50
SSDEEP

24576:bySvEZwF1gZ9jWLBljhPBZ0riPzkKHa6jJMc5LzGPOqa7UD4PpLCGrbkF:OSvEZQeZsLBCiPzy6jfLzzrxRr

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  012a6730d118d6ea8ffba3a4c8a95e77a139fcd53a8f61679eacd5bb833d87c8
- Size
  
  1.2MB
- MD5
  
  d389d013945bc1a5d741b60a923eab26
- SHA1
  
  1c554706ef98d2c1af5a0b29302038f6c3c2d754
- SHA256
  
  012a6730d118d6ea8ffba3a4c8a95e77a139fcd53a8f61679eacd5bb833d87c8
- SHA512
  
  acfe8920f92b064cf55d0176042f941a085b00e7d5b882dbeeb84fb4774b938e46adc0f6775e97d2e13ca67f249ade2820d697375338d4ac3779f55850958f50
- SSDEEP
  
  24576:bySvEZwF1gZ9jWLBljhPBZ0riPzkKHa6jJMc5LzGPOqa7UD4PpLCGrbkF:OSvEZQeZsLBCiPzy6jfLzzrxRr
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan