redline | 3549c1e964e1072f587f2a942702973b1994fa133122fdb80d6ec105002873cd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3549c1e964e1072f587f2a942702973b1994fa133122fdb80d6ec105002873cd
Size

600KB
Sample

230506-z5yzkahe3t
MD5

884f9204bd0ca4dcfea1692c7ba6ce5a
SHA1

4369f34537f9e2921d90a0244dfaa7b22a06d156
SHA256

3549c1e964e1072f587f2a942702973b1994fa133122fdb80d6ec105002873cd
SHA512

6788bd2542799099c441d0cf46d2bca904fba2cd462e90198efd271e6e9d240a78bf7be4fe6ad3ad74deaa1204b8909175156aa3be04a07c4d9ade6cc89924bd
SSDEEP

12288:OMrSy90rGmTP0m+SAoHoMp+uCaeSriYBzee5jwGL1QSSO+3voHg:QySRwOAoHfTbrigzj1LXZaoHg

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  3549c1e964e1072f587f2a942702973b1994fa133122fdb80d6ec105002873cd
- Size
  
  600KB
- MD5
  
  884f9204bd0ca4dcfea1692c7ba6ce5a
- SHA1
  
  4369f34537f9e2921d90a0244dfaa7b22a06d156
- SHA256
  
  3549c1e964e1072f587f2a942702973b1994fa133122fdb80d6ec105002873cd
- SHA512
  
  6788bd2542799099c441d0cf46d2bca904fba2cd462e90198efd271e6e9d240a78bf7be4fe6ad3ad74deaa1204b8909175156aa3be04a07c4d9ade6cc89924bd
- SSDEEP
  
  12288:OMrSy90rGmTP0m+SAoHoMp+uCaeSriYBzee5jwGL1QSSO+3voHg:QySRwOAoHfTbrigzj1LXZaoHg
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer