redline | 186cae0cdeb2d592ecd3a0a2816d3e73fe0ecd7dcf5e9a0ede45564c49be6ee3 | Triage

Sharing

General

Target

186cae0cdeb2d592ecd3a0a2816d3e73fe0ecd7dcf5e9a0ede45564c49be6ee3
Size

707KB
Sample

230506-zgtd6seh7w
MD5

9156eaf25c6c3ca0e5a49ca9bd65d0c7
SHA1

23ae080dd25217ebdfd4b0a22a1909d0de717627
SHA256

186cae0cdeb2d592ecd3a0a2816d3e73fe0ecd7dcf5e9a0ede45564c49be6ee3
SHA512

82182a974c7c74e46137bce133b79eb565b452b412750846b50b5a04c8800aff02bd648248bf09f50d110946fb7fd6b7e774479cc1d443ea54bdb976051701c3
SSDEEP

12288:YMrby90Y11sSjEtaF3mlVNxvaxauUdl8M2qKKNJ3Q+aO7lfRxUx+QUTZyQdFmtE:zyXsXtaF3v8diKNJ3Q+aO7lkhK+E1tbI

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  186cae0cdeb2d592ecd3a0a2816d3e73fe0ecd7dcf5e9a0ede45564c49be6ee3
- Size
  
  707KB
- MD5
  
  9156eaf25c6c3ca0e5a49ca9bd65d0c7
- SHA1
  
  23ae080dd25217ebdfd4b0a22a1909d0de717627
- SHA256
  
  186cae0cdeb2d592ecd3a0a2816d3e73fe0ecd7dcf5e9a0ede45564c49be6ee3
- SHA512
  
  82182a974c7c74e46137bce133b79eb565b452b412750846b50b5a04c8800aff02bd648248bf09f50d110946fb7fd6b7e774479cc1d443ea54bdb976051701c3
- SSDEEP
  
  12288:YMrby90Y11sSjEtaF3mlVNxvaxauUdl8M2qKKNJ3Q+aO7lfRxUx+QUTZyQdFmtE:zyXsXtaF3v8diKNJ3Q+aO7lkhK+E1tbI
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer