redline

General

Target

005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
Size

1.4MB
Sample

230506-ywswhscg3t
MD5

36afbedc4aea6e680097c7134f721b05
SHA1

681c0686d82b3050adcb1cda99ad79a3d46e23be
SHA256

005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
SHA512

9b9ab7a650db6dc5ea5912e1527a41b87e254b4ea5f24adf149d4a4781263a218ae40ed0a409305f48dd23d49786a6dce8cc743edc0c879676b946be2ad99323
SSDEEP

24576:byhhBvapvYX4O5uQNj8RCEC1NmBl2AQMwtuSZ6eY+0b99bTEQcgOg9VjPI855Y2:O5voO4Qd8RvC1NuwArhSZ6egb99bTPtP

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

massa

C2

185.161.248.73:4164

Attributes

auth_value
413bf908ab27d959c62bef532780f511

Targets

- Target
  
  005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
- Size
  
  1.4MB
- MD5
  
  36afbedc4aea6e680097c7134f721b05
- SHA1
  
  681c0686d82b3050adcb1cda99ad79a3d46e23be
- SHA256
  
  005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427
- SHA512
  
  9b9ab7a650db6dc5ea5912e1527a41b87e254b4ea5f24adf149d4a4781263a218ae40ed0a409305f48dd23d49786a6dce8cc743edc0c879676b946be2ad99323
- SSDEEP
  
  24576:byhhBvapvYX4O5uQNj8RCEC1NmBl2AQMwtuSZ6eY+0b99bTEQcgOg9VjPI855Y2:O5voO4Qd8RvC1NuwArhSZ6egb99bTPtP
Score

10^/10

redline massa evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Redline Stealer samples

Modifies Windows Defender Real-time Protection settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2