redline | 25070e5f071bd838bd5c95d172baa2653cb28bec50ad39209529a4c58775eef5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25070e5f071bd838bd5c95d172baa2653cb28bec50ad39209529a4c58775eef5
Size

708KB
Sample

230506-ztqh2sea65
MD5

c001455b5f15fa986bce6720ab365936
SHA1

45fe7b025df83e5ef3be5c078fa8a69d5aee60cc
SHA256

25070e5f071bd838bd5c95d172baa2653cb28bec50ad39209529a4c58775eef5
SHA512

af6bfa9a08986a7bb32844f3d4e0e1fced70c4eb3b703e17e5d29426c60754516c89e58f035928c71ce1c10de02d705c1ed3d6b62ebf03ef8876485813f83414
SSDEEP

12288:fMrby90+NYzzM2dLbs4yAVSggEUSqhg00EJ+oZQAYK4HUtgeDIkaX7T1Mu:Uyi/M2B0AVx5USqhDFZ7YbcDI/X75Mu

Score

10^/10

redline infostealer persistence stealer

Malware Config

Targets

- Target
  
  25070e5f071bd838bd5c95d172baa2653cb28bec50ad39209529a4c58775eef5
- Size
  
  708KB
- MD5
  
  c001455b5f15fa986bce6720ab365936
- SHA1
  
  45fe7b025df83e5ef3be5c078fa8a69d5aee60cc
- SHA256
  
  25070e5f071bd838bd5c95d172baa2653cb28bec50ad39209529a4c58775eef5
- SHA512
  
  af6bfa9a08986a7bb32844f3d4e0e1fced70c4eb3b703e17e5d29426c60754516c89e58f035928c71ce1c10de02d705c1ed3d6b62ebf03ef8876485813f83414
- SSDEEP
  
  12288:fMrby90+NYzzM2dLbs4yAVSggEUSqhg00EJ+oZQAYK4HUtgeDIkaX7T1Mu:Uyi/M2B0AVx5USqhDFZ7YbcDI/X75Mu
Score

10^/10

persistence redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlineinfostealerpersistencestealer