redline | e08e314b61d09e7c38fc00cec283c27fdd6573089331a14383b8d46117550e7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ed202b04f3db8e0e366a88aae375382.exe
Size

376KB
Sample

230506-z1e1wsgh4y
MD5

2ed202b04f3db8e0e366a88aae375382
SHA1

ea71336c75de24bc28fb78bf5480c454d9100769
SHA256

e08e314b61d09e7c38fc00cec283c27fdd6573089331a14383b8d46117550e7f
SHA512

abf19d941186ece5a07f436f90c41621bf31b46d668e92879af9cdac7983b8c592767628281a9b73c181eed38f0fe3ea3ae4a8f108c1fbf3b1f0204ea4093c33
SSDEEP

6144:KBy+bnr+5p0yN90QE8Ktc/y1eK0p27LQ/fgd1+SPWBJEyVbejWwYcPK:/MrBy903tc/LK0ULQ3SPYV4PK

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  2ed202b04f3db8e0e366a88aae375382.exe
- Size
  
  376KB
- MD5
  
  2ed202b04f3db8e0e366a88aae375382
- SHA1
  
  ea71336c75de24bc28fb78bf5480c454d9100769
- SHA256
  
  e08e314b61d09e7c38fc00cec283c27fdd6573089331a14383b8d46117550e7f
- SHA512
  
  abf19d941186ece5a07f436f90c41621bf31b46d668e92879af9cdac7983b8c592767628281a9b73c181eed38f0fe3ea3ae4a8f108c1fbf3b1f0204ea4093c33
- SSDEEP
  
  6144:KBy+bnr+5p0yN90QE8Ktc/y1eK0p27LQ/fgd1+SPWBJEyVbejWwYcPK:/MrBy903tc/LK0ULQ3SPYV4PK
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer