redline | 392b2d0b7bedd8802e9205df12dd3d8dc7376cff5c1e935db2edaf8b5bb6bcf6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

392b2d0b7bedd8802e9205df12dd3d8dc7376cff5c1e935db2edaf8b5bb6bcf6.bin
Size

1.2MB
Sample

230506-z8ep4ahg4w
MD5

3a5717fc4bef7d9a7f1bcb358c28f7e1
SHA1

e29a7cc5694b0475aa733d2dc30d7bd03a8cbf87
SHA256

392b2d0b7bedd8802e9205df12dd3d8dc7376cff5c1e935db2edaf8b5bb6bcf6
SHA512

d42ab844d0b12e44516d45a93648a10b4dd102bd25f919b5580f71d7ffe5d6261ff0d5147a15eb7cfa165c9681f20ee6380409a2f6e6a398d32b0ba21ecd7506
SSDEEP

24576:0O/ma41pNBrquMHuDpKqJUd5xYsLo11YdH/tFrQhldU8HJVYx+dblqaWSLO:0OXedEODpKqJGYsLMutFEIx257

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  392b2d0b7bedd8802e9205df12dd3d8dc7376cff5c1e935db2edaf8b5bb6bcf6.bin
- Size
  
  1.2MB
- MD5
  
  3a5717fc4bef7d9a7f1bcb358c28f7e1
- SHA1
  
  e29a7cc5694b0475aa733d2dc30d7bd03a8cbf87
- SHA256
  
  392b2d0b7bedd8802e9205df12dd3d8dc7376cff5c1e935db2edaf8b5bb6bcf6
- SHA512
  
  d42ab844d0b12e44516d45a93648a10b4dd102bd25f919b5580f71d7ffe5d6261ff0d5147a15eb7cfa165c9681f20ee6380409a2f6e6a398d32b0ba21ecd7506
- SSDEEP
  
  24576:0O/ma41pNBrquMHuDpKqJUd5xYsLo11YdH/tFrQhldU8HJVYx+dblqaWSLO:0OXedEODpKqJGYsLMutFEIx257
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan