redline

General

Target

2033848ae79490af94c8671ead40212c75dffd85ebc821548022d7039d7611ea
Size

1.2MB
Sample

230506-zqjw4aff9x
MD5

4e9cdaf65d14e0baa788950801bd8fcc
SHA1

8e220effa4c29b174010ecebe2a6af979084a260
SHA256

2033848ae79490af94c8671ead40212c75dffd85ebc821548022d7039d7611ea
SHA512

9b2403bc17f5002e88784453b09ec7443f488cb4696129d79e12c055e55df382a18916041264a9f9a703e05bfb4e2a07e353f31c01bfa4bace6d402b4f6fae47
SSDEEP

24576:lyjSTIn1xFD7jxdljfUgugaUiwbm1CKf4a92i0vgDUnTS+FS+qNg+9W:A+I7tHIgWFwbAff4KrtDUnTSe8NZ

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

217.196.96.56:4138

Attributes

auth_value
fcb02fce9bc10c56a9841d56974bd7b8

Targets

- Target
  
  2033848ae79490af94c8671ead40212c75dffd85ebc821548022d7039d7611ea
- Size
  
  1.2MB
- MD5
  
  4e9cdaf65d14e0baa788950801bd8fcc
- SHA1
  
  8e220effa4c29b174010ecebe2a6af979084a260
- SHA256
  
  2033848ae79490af94c8671ead40212c75dffd85ebc821548022d7039d7611ea
- SHA512
  
  9b2403bc17f5002e88784453b09ec7443f488cb4696129d79e12c055e55df382a18916041264a9f9a703e05bfb4e2a07e353f31c01bfa4bace6d402b4f6fae47
- SSDEEP
  
  24576:lyjSTIn1xFD7jxdljfUgugaUiwbm1CKf4a92i0vgDUnTS+FS+qNg+9W:A+I7tHIgWFwbAff4KrtDUnTSe8NZ
Score

10^/10

redline lupa evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Redline Stealer samples

Modifies Windows Defender Real-time Protection settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2