redline | 191a0b1a831e80740581ff5bb90b0dc09c9c3b1579960391138b98f1e6a1d51d | Triage

Resubmissions

29-10-2024 12:24

241029-plfzjavgpl 10

06-05-2023 23:36

230506-3lx5psba2x 10

Sharing

General

Target

191a0b1a831e80740581ff5bb90b0dc09c9c3b1579960391138b98f1e6a1d51d
Size

1.2MB
Sample

230506-3lx5psba2x
MD5

0c9f826913c645a8a80108c3f929cb0c
SHA1

6d2a9f2a5a6b2f53bb830859365404262f8556c5
SHA256

191a0b1a831e80740581ff5bb90b0dc09c9c3b1579960391138b98f1e6a1d51d
SHA512

b731a6e33a23a1b3d4f087dca1032cbf469713f657f8b10b597f2abee172ffed25924206ca990d39076119025e83979d60ff210c941118cab82c78d2cc62f9d2
SSDEEP

24576:2YfpUXN4pJObch6IIj4y/J7eiLQoHn1zB/hN37JQjXfsTedQ4hF:FfwNsjhHITR7emQ+n1z1DlQjk

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  191a0b1a831e80740581ff5bb90b0dc09c9c3b1579960391138b98f1e6a1d51d
- Size
  
  1.2MB
- MD5
  
  0c9f826913c645a8a80108c3f929cb0c
- SHA1
  
  6d2a9f2a5a6b2f53bb830859365404262f8556c5
- SHA256
  
  191a0b1a831e80740581ff5bb90b0dc09c9c3b1579960391138b98f1e6a1d51d
- SHA512
  
  b731a6e33a23a1b3d4f087dca1032cbf469713f657f8b10b597f2abee172ffed25924206ca990d39076119025e83979d60ff210c941118cab82c78d2cc62f9d2
- SSDEEP
  
  24576:2YfpUXN4pJObch6IIj4y/J7eiLQoHn1zB/hN37JQjXfsTedQ4hF:FfwNsjhHITR7emQ+n1z1DlQjk
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan