redline | 37c650fe8c512ac9176a623455fce9597cce74e8f9cef2810270ebf4614dba3a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37c650fe8c512ac9176a623455fce9597cce74e8f9cef2810270ebf4614dba3a
Size

589KB
Sample

230506-z7kvqahf7s
MD5

b712c785c72640b0753a315d6a04f018
SHA1

01693c177dd5343e2facac54ef5aa0ab6bfc33ff
SHA256

37c650fe8c512ac9176a623455fce9597cce74e8f9cef2810270ebf4614dba3a
SHA512

63765240b9bb6726dda364047c4b3c33b2eb60851369df60ab5b006771e9b4331d9fd884194e27231a541c518e018b25d9784fed58939a6c116bcc5b27bc4b4c
SSDEEP

12288:3MrVy90kErRY/kQm8M35QgvwRCluaRhIS1HGqyzht7x3nyzoYpJ3Ft:+yp6AMJQQhluaRhFmVJyjpTt

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  37c650fe8c512ac9176a623455fce9597cce74e8f9cef2810270ebf4614dba3a
- Size
  
  589KB
- MD5
  
  b712c785c72640b0753a315d6a04f018
- SHA1
  
  01693c177dd5343e2facac54ef5aa0ab6bfc33ff
- SHA256
  
  37c650fe8c512ac9176a623455fce9597cce74e8f9cef2810270ebf4614dba3a
- SHA512
  
  63765240b9bb6726dda364047c4b3c33b2eb60851369df60ab5b006771e9b4331d9fd884194e27231a541c518e018b25d9784fed58939a6c116bcc5b27bc4b4c
- SSDEEP
  
  12288:3MrVy90kErRY/kQm8M35QgvwRCluaRhIS1HGqyzht7x3nyzoYpJ3Ft:+yp6AMJQQhluaRhFmVJyjpTt
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer