redline | 1a87eb307b59442cc8357e10abe2bc51640c69af18c7c6c1d4271bdd519d4e80 | Triage

Sharing

General

Target

1a87eb307b59442cc8357e10abe2bc51640c69af18c7c6c1d4271bdd519d4e80
Size

376KB
Sample

230506-zjh18ach79
MD5

ae5976d5f9b72f7051595d62d92398dc
SHA1

43ab360add906bc779d5e91edbaab23475182282
SHA256

1a87eb307b59442cc8357e10abe2bc51640c69af18c7c6c1d4271bdd519d4e80
SHA512

3dc417c7918d3f181b3b68d672ad8386e2dd3bf07922cd89023c0fc5850c334060b967f33a6e81085a56b70719d11235385fdd3bde785fa0d2304791dfb4950b
SSDEEP

6144:KBy+bnr+rp0yN90QESM4WbXtTqmrGjc//WzHxrlDiOEl4w8MlwurTc:zMr3y90EMhcmrf/+z3D6lxle

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  1a87eb307b59442cc8357e10abe2bc51640c69af18c7c6c1d4271bdd519d4e80
- Size
  
  376KB
- MD5
  
  ae5976d5f9b72f7051595d62d92398dc
- SHA1
  
  43ab360add906bc779d5e91edbaab23475182282
- SHA256
  
  1a87eb307b59442cc8357e10abe2bc51640c69af18c7c6c1d4271bdd519d4e80
- SHA512
  
  3dc417c7918d3f181b3b68d672ad8386e2dd3bf07922cd89023c0fc5850c334060b967f33a6e81085a56b70719d11235385fdd3bde785fa0d2304791dfb4950b
- SSDEEP
  
  6144:KBy+bnr+rp0yN90QESM4WbXtTqmrGjc//WzHxrlDiOEl4w8MlwurTc:zMr3y90EMhcmrf/+z3D6lxle
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer