redline

General

Target

13aafc1f639702c9045d72104fc5d05f7ae721f4552951eb0e3288f4db11df1c
Size

1.3MB
Sample

230506-zde3daee4s
MD5

73fc90a2dfb883d62242fe23897cdd68
SHA1

e2840e54a9b35f534c6b7b2c297e963e56ab623c
SHA256

13aafc1f639702c9045d72104fc5d05f7ae721f4552951eb0e3288f4db11df1c
SHA512

56b8c8770f60a083a552a145302cf1bcfd38561c44cdd33cce7ec86e0f8ea593c17f4285ac3a5cb8aaa2d4c377becb4bb42378f4789196edc6927da112f20041
SSDEEP

24576:9ysiCpkuI0O8ORDj5msKjiVJMEqw/TWGZmkrHE3lj/j1XWy0vfdK:Ysi6kT0OVX5Y1EZ/T/mkI3lj71avf

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

lakio

C2

217.196.96.56:4138

Attributes

auth_value
5a2372e90cce274157a245c74afe9d6e

Targets

- Target
  
  13aafc1f639702c9045d72104fc5d05f7ae721f4552951eb0e3288f4db11df1c
- Size
  
  1.3MB
- MD5
  
  73fc90a2dfb883d62242fe23897cdd68
- SHA1
  
  e2840e54a9b35f534c6b7b2c297e963e56ab623c
- SHA256
  
  13aafc1f639702c9045d72104fc5d05f7ae721f4552951eb0e3288f4db11df1c
- SHA512
  
  56b8c8770f60a083a552a145302cf1bcfd38561c44cdd33cce7ec86e0f8ea593c17f4285ac3a5cb8aaa2d4c377becb4bb42378f4789196edc6927da112f20041
- SSDEEP
  
  24576:9ysiCpkuI0O8ORDj5msKjiVJMEqw/TWGZmkrHE3lj/j1XWy0vfdK:Ysi6kT0OVX5Y1EZ/T/mkI3lj71avf
Score

10^/10

redline lakio evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Redline Stealer samples

Modifies Windows Defender Real-time Protection settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2