redline | 06c5d28afa1db33d1ffeeb1c3ac882dcbb497fa6a263bbb1adb1227fdc172f34 | Triage

Sharing

General

Target

06c5d28afa1db33d1ffeeb1c3ac882dcbb497fa6a263bbb1adb1227fdc172f34
Size

707KB
Sample

230506-y3vzfsdd7z
MD5

eea516911c040a3232afdb61533cb10b
SHA1

3928c44a1c8b7064494d469c1c95e77c48d23ef9
SHA256

06c5d28afa1db33d1ffeeb1c3ac882dcbb497fa6a263bbb1adb1227fdc172f34
SHA512

71174674a611c708e89b333e75d5bdaacb215f5da6592b4705c8403f5a885c636fa0a6a616e33dbf26ba2e3d70c0ef9dcc91d7452ac46c4e718a7fe79e011faa
SSDEEP

12288:aMrXy90RYpaGc1N2ZN1y/Rl7rn7TUZdvOprelaTaXEDHZ5u74dYqFSmW:1yRaGR1yJhAZd2pClaTd95u0dY7mW

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  06c5d28afa1db33d1ffeeb1c3ac882dcbb497fa6a263bbb1adb1227fdc172f34
- Size
  
  707KB
- MD5
  
  eea516911c040a3232afdb61533cb10b
- SHA1
  
  3928c44a1c8b7064494d469c1c95e77c48d23ef9
- SHA256
  
  06c5d28afa1db33d1ffeeb1c3ac882dcbb497fa6a263bbb1adb1227fdc172f34
- SHA512
  
  71174674a611c708e89b333e75d5bdaacb215f5da6592b4705c8403f5a885c636fa0a6a616e33dbf26ba2e3d70c0ef9dcc91d7452ac46c4e718a7fe79e011faa
- SSDEEP
  
  12288:aMrXy90RYpaGc1N2ZN1y/Rl7rn7TUZdvOprelaTaXEDHZ5u74dYqFSmW:1yRaGR1yJhAZd2pClaTd95u0dY7mW
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer