redline | 154962abe08848cc48cbad311ef38d9e71c57fa4fece8d2dd98171a18b1d2203 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

154962abe08848cc48cbad311ef38d9e71c57fa4fece8d2dd98171a18b1d2203.bin
Size

913KB
Sample

230506-zen2nsef7w
MD5

25daf43e2336c7198fdc12e06b9ad188
SHA1

58655b18a18aa6649c30544961a493bb91db610c
SHA256

154962abe08848cc48cbad311ef38d9e71c57fa4fece8d2dd98171a18b1d2203
SHA512

06ba028df9698cc42a87c1fac58e686f7c8fd58da7bde98bec48463d8f56a81547668a7eefe677be15300b299ce3c93d3d779a3ed4533e1c0aa7d2dffe7187a0
SSDEEP

12288:vy90vqM2eTow2Z/428KHtNKoAFcjEQ2dj5FVBK1RvPXAQvOQixmCPDGocgRG228n:vyoqM2a2aQtQKEQIFK1RroQkGoc0aoH

Score

10^/10

redline dark evasion infostealer persistence stealer trojan

Malware Config

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes

auth_value
ae85b01f66afe8770afeed560513fc2d

Targets

- Target
  
  154962abe08848cc48cbad311ef38d9e71c57fa4fece8d2dd98171a18b1d2203.bin
- Size
  
  913KB
- MD5
  
  25daf43e2336c7198fdc12e06b9ad188
- SHA1
  
  58655b18a18aa6649c30544961a493bb91db610c
- SHA256
  
  154962abe08848cc48cbad311ef38d9e71c57fa4fece8d2dd98171a18b1d2203
- SHA512
  
  06ba028df9698cc42a87c1fac58e686f7c8fd58da7bde98bec48463d8f56a81547668a7eefe677be15300b299ce3c93d3d779a3ed4533e1c0aa7d2dffe7187a0
- SSDEEP
  
  12288:vy90vqM2eTow2Z/428KHtNKoAFcjEQ2dj5FVBK1RvPXAQvOQixmCPDGocgRG228n:vyoqM2a2aQtQKEQIFK1RroQkGoc0aoH
Score

10^/10

redline dark evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarkevasioninfostealerpersistencetrojan

behavioral2

redlinedarkevasioninfostealerpersistencestealertrojan