Overview

overview

10

Static

static

3

1a01b86226...e9.exe

windows7-x64

10

1a01b86226...e9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a01b86226a33ca6502a9ef2c6b467c11549055e1e6572b8d7616f6f7ed8ebe9

  • Size

    479KB

  • Sample

    230506-zh8v9afa9s

  • MD5

    0bf9633fe4699fab685c096a13b64469

  • SHA1

    c747ab729af36f006b7a655ef177f0b0267569f7

  • SHA256

    1a01b86226a33ca6502a9ef2c6b467c11549055e1e6572b8d7616f6f7ed8ebe9

  • SHA512

    34bf6e103381301b24d210ad04a88e8618fd3c75a8e33f2e27ad11176d9213bc8d21b7c308bddd844f3044594a4db3a01a09f86a62fa469b99ed7d6d6abd36b3

  • SSDEEP

    12288:IMrYy90bXlYVOMy2e6I0snSbtDKwDMwEG:Qynq907bZKwD5

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      1a01b86226a33ca6502a9ef2c6b467c11549055e1e6572b8d7616f6f7ed8ebe9

    • Size

      479KB

    • MD5

      0bf9633fe4699fab685c096a13b64469

    • SHA1

      c747ab729af36f006b7a655ef177f0b0267569f7

    • SHA256

      1a01b86226a33ca6502a9ef2c6b467c11549055e1e6572b8d7616f6f7ed8ebe9

    • SHA512

      34bf6e103381301b24d210ad04a88e8618fd3c75a8e33f2e27ad11176d9213bc8d21b7c308bddd844f3044594a4db3a01a09f86a62fa469b99ed7d6d6abd36b3

    • SSDEEP

      12288:IMrYy90bXlYVOMy2e6I0snSbtDKwDMwEG:Qynq907bZKwD5

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks