redline

General

Target

390f9b7bd6f5035522f64194b9fd686112b281d880e9a529e969fe743893422f
Size

924KB
Sample

230506-z8cwhafg37
MD5

a08f2ffc86f7670670ea8ce061979071
SHA1

2a880260e0164a2e3c5ff3e8761dae3c660810da
SHA256

390f9b7bd6f5035522f64194b9fd686112b281d880e9a529e969fe743893422f
SHA512

cb21af0ea4e9d61329d3a2014c8e9b8b93e1a81e7f751ce6e0a11f85f3926f4d5165f95dfaaa1129cfe2c555d10bb4208b0ae30e06ab133e4585bf4479e4f1c6
SSDEEP

24576:0y+q6hxpBqjNKXbxFcZOVSG4S/THHzb2e3KweRX:D+X/XqJUf4G4ITHH+UKbR

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

217.196.96.56:4138

Attributes

auth_value
fcb02fce9bc10c56a9841d56974bd7b8

Targets

- Target
  
  390f9b7bd6f5035522f64194b9fd686112b281d880e9a529e969fe743893422f
- Size
  
  924KB
- MD5
  
  a08f2ffc86f7670670ea8ce061979071
- SHA1
  
  2a880260e0164a2e3c5ff3e8761dae3c660810da
- SHA256
  
  390f9b7bd6f5035522f64194b9fd686112b281d880e9a529e969fe743893422f
- SHA512
  
  cb21af0ea4e9d61329d3a2014c8e9b8b93e1a81e7f751ce6e0a11f85f3926f4d5165f95dfaaa1129cfe2c555d10bb4208b0ae30e06ab133e4585bf4479e4f1c6
- SSDEEP
  
  24576:0y+q6hxpBqjNKXbxFcZOVSG4S/THHzb2e3KweRX:D+X/XqJUf4G4ITHH+UKbR
Score

10^/10

redline lupa evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Redline Stealer samples

Modifies Windows Defender Real-time Protection settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2