redline | 1c8594bdcfc73c126591ecad44c493eeda3d1fdf57cddb378bcde9956450722d | Triage

Sharing

General

Target

1c8594bdcfc73c126591ecad44c493eeda3d1fdf57cddb378bcde9956450722d
Size

376KB
Sample

230506-zk65fafc5x
MD5

41cba14bf21afb0c0b8775f697449b33
SHA1

82a186b315a26e3f32004ecfe333c8f03ff76533
SHA256

1c8594bdcfc73c126591ecad44c493eeda3d1fdf57cddb378bcde9956450722d
SHA512

29b8ebca339d136dd3af48f5a9fc99c80815ecec1a47fee7effbfff5dc13add076d742ecef71cfa1187f1aa8f000794052b2e5718a12128c977d5dcf17c061bb
SSDEEP

6144:K+y+bnr+0p0yN90QER5jeyyPJyJstLafdkAmDX9JgkWIlJecNnLQLobvx3VDeJ6:uMrsy90djeyyB4staBmDcV8zNnLFpFDT

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  1c8594bdcfc73c126591ecad44c493eeda3d1fdf57cddb378bcde9956450722d
- Size
  
  376KB
- MD5
  
  41cba14bf21afb0c0b8775f697449b33
- SHA1
  
  82a186b315a26e3f32004ecfe333c8f03ff76533
- SHA256
  
  1c8594bdcfc73c126591ecad44c493eeda3d1fdf57cddb378bcde9956450722d
- SHA512
  
  29b8ebca339d136dd3af48f5a9fc99c80815ecec1a47fee7effbfff5dc13add076d742ecef71cfa1187f1aa8f000794052b2e5718a12128c977d5dcf17c061bb
- SSDEEP
  
  6144:K+y+bnr+0p0yN90QER5jeyyPJyJstLafdkAmDX9JgkWIlJecNnLQLobvx3VDeJ6:uMrsy90djeyyB4staBmDcV8zNnLFpFDT
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer