redline | 3368176c9021efc27f157714ce44b328a5e08d02f92ab536fd2cade22e7540fa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3368176c9021efc27f157714ce44b328a5e08d02f92ab536fd2cade22e7540fa
Size

709KB
Sample

230506-z4lylshc9s
MD5

d289175365ed703066947652e50b9254
SHA1

1b9c154d5b52580d60df232c9006e0294e4c354f
SHA256

3368176c9021efc27f157714ce44b328a5e08d02f92ab536fd2cade22e7540fa
SHA512

0ecf06529b76b25e6f0e1807138ff0b8cd99e6821e44a9a7bd2d8f544c18313bf699597fafd64da2cf9fe06a276a3f8cec8211a04e4853e2cb1d124dcbc96798
SSDEEP

12288:WMrpy90fOHyXBqJibmBza9dc7uYHjj37A79T/0dvv3UiweOPQa+aXEW8SqolTU7Q:HyJHGsaTcfHf3kRsNciwrPQa+dW87YTN

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  3368176c9021efc27f157714ce44b328a5e08d02f92ab536fd2cade22e7540fa
- Size
  
  709KB
- MD5
  
  d289175365ed703066947652e50b9254
- SHA1
  
  1b9c154d5b52580d60df232c9006e0294e4c354f
- SHA256
  
  3368176c9021efc27f157714ce44b328a5e08d02f92ab536fd2cade22e7540fa
- SHA512
  
  0ecf06529b76b25e6f0e1807138ff0b8cd99e6821e44a9a7bd2d8f544c18313bf699597fafd64da2cf9fe06a276a3f8cec8211a04e4853e2cb1d124dcbc96798
- SSDEEP
  
  12288:WMrpy90fOHyXBqJibmBza9dc7uYHjj37A79T/0dvv3UiweOPQa+aXEW8SqolTU7Q:HyJHGsaTcfHf3kRsNciwrPQa+dW87YTN
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer