Overview

overview

10

Static

static

3

1294cc12ba...66.exe

windows7-x64

10

1294cc12ba...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1294cc12ba011272de5431f48be5aa66.exe

  • Size

    480KB

  • Sample

    230506-zcp6ysed6y

  • MD5

    1294cc12ba011272de5431f48be5aa66

  • SHA1

    f92d1245cea41246eb0ce3b8ee27e15928b7cfda

  • SHA256

    f0bf5b1a6a0e908b002bb54965a590450cfa51f83cbf198b88404891e5b33f3c

  • SHA512

    feb70a02248f660bdf782c12ce04ac85a7a653181b102ad1e39cca812c9b1a7fdd8a6f582d74322c2a173d65730cbaf9cf38a86469eb50e7598e405c6344ffca

  • SSDEEP

    12288:KMrXy90MbPd0CA7FGYaPvGNf6MKTIKtxziQTTC:dyNPdU7FGrHGb1K9Vu

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      1294cc12ba011272de5431f48be5aa66.exe

    • Size

      480KB

    • MD5

      1294cc12ba011272de5431f48be5aa66

    • SHA1

      f92d1245cea41246eb0ce3b8ee27e15928b7cfda

    • SHA256

      f0bf5b1a6a0e908b002bb54965a590450cfa51f83cbf198b88404891e5b33f3c

    • SHA512

      feb70a02248f660bdf782c12ce04ac85a7a653181b102ad1e39cca812c9b1a7fdd8a6f582d74322c2a173d65730cbaf9cf38a86469eb50e7598e405c6344ffca

    • SSDEEP

      12288:KMrXy90MbPd0CA7FGYaPvGNf6MKTIKtxziQTTC:dyNPdU7FGrHGb1K9Vu

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks