Overview

overview

10

Static

static

3

063b01cae7...be.exe

windows7-x64

10

063b01cae7...be.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    063b01cae730941160ce661e2725bc154a2308fae106e9520b79115a258940be

  • Size

    480KB

  • Sample

    230506-2mnrzsde57

  • MD5

    ee5ec3f300d4b93f02f54ed4b8b929a5

  • SHA1

    b2c1da1b38e86586d69adaa2dd2cd0758ffed6dd

  • SHA256

    063b01cae730941160ce661e2725bc154a2308fae106e9520b79115a258940be

  • SHA512

    d6c7049d1c016fab0ccbbec878aa27795e3cd8ef0fd256e5717e9de5b3ed66a19bca029b52bd5da1d41debf0e104b2aebb04230cee6e311196df3e63efabbee4

  • SSDEEP

    12288:5MrQy90iPKEgxoL7PpxIaIImzCfxp8S2YJc:VyVSET7B6WJp8tYG

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      063b01cae730941160ce661e2725bc154a2308fae106e9520b79115a258940be

    • Size

      480KB

    • MD5

      ee5ec3f300d4b93f02f54ed4b8b929a5

    • SHA1

      b2c1da1b38e86586d69adaa2dd2cd0758ffed6dd

    • SHA256

      063b01cae730941160ce661e2725bc154a2308fae106e9520b79115a258940be

    • SHA512

      d6c7049d1c016fab0ccbbec878aa27795e3cd8ef0fd256e5717e9de5b3ed66a19bca029b52bd5da1d41debf0e104b2aebb04230cee6e311196df3e63efabbee4

    • SSDEEP

      12288:5MrQy90iPKEgxoL7PpxIaIImzCfxp8S2YJc:VyVSET7B6WJp8tYG

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks