redline | 2717f9aea6f2dbb04c9a69db577a21f7faf67d21053e8d40730f3cf7744f3fd0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2717f9aea6f2dbb04c9a69db577a21f7faf67d21053e8d40730f3cf7744f3fd0.bin
Size

1.2MB
Sample

230506-zvspsseb95
MD5

5e1ea94245939d7acff9e71956509e8a
SHA1

871d664db51133ba7e7b11ecdc50f7dff645f498
SHA256

2717f9aea6f2dbb04c9a69db577a21f7faf67d21053e8d40730f3cf7744f3fd0
SHA512

6b84a32a500715caeef321cba3ca4a6d68ccc11ec73616c6c84071419dc80adfac8fa8b59d66c311c29b7dcb36d71f344c90e207346a1f76b13c6a841f02ea07
SSDEEP

24576:6GxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:6GMOKSUDNGQp9qKqFR4JUcDLqNp/b

Score

10^/10

redline evasion infostealer persistence stealer trojan

Malware Config

Targets

- Target
  
  2717f9aea6f2dbb04c9a69db577a21f7faf67d21053e8d40730f3cf7744f3fd0.bin
- Size
  
  1.2MB
- MD5
  
  5e1ea94245939d7acff9e71956509e8a
- SHA1
  
  871d664db51133ba7e7b11ecdc50f7dff645f498
- SHA256
  
  2717f9aea6f2dbb04c9a69db577a21f7faf67d21053e8d40730f3cf7744f3fd0
- SHA512
  
  6b84a32a500715caeef321cba3ca4a6d68ccc11ec73616c6c84071419dc80adfac8fa8b59d66c311c29b7dcb36d71f344c90e207346a1f76b13c6a841f02ea07
- SSDEEP
  
  24576:6GxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:6GMOKSUDNGQp9qKqFR4JUcDLqNp/b
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlineevasioninfostealerpersistencestealertrojan