Overview

overview

10

Static

static

3

36108347fe...87.exe

windows7-x64

10

36108347fe...87.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2b2c6d2857d5442e1d38a724c05d17fd.bin.bin

  • Size

    782KB

  • Sample

    230506-zybkpage9t

  • MD5

    cc0463828a35c979c90d1f2b6239aa0f

  • SHA1

    0ebf4d4693e3c446ac374c6e27f9c1664f901566

  • SHA256

    04746766505910dd8988fed6fdd008942557badc1ff9a553fd732914ca8156c3

  • SHA512

    80209dd72d12e22741314c870e7d49380a356e71e6d89c1af84c04d3662fa42e00659aa087ce5804576f387d3badbd978f15b5ccba02759196bfabc0ea8e8aed

  • SSDEEP

    12288:puv38iMJ/vuht5Aj3Lou1t43tEyZ5bDe5v5hvxWo1J1nFWgqtvGIU4XPje:puf+J/vugLo9dtSvLRnuBJS

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Targets

    • Target

      36108347fe6895016fba031c06791828e168f88c3199e683710874bd05173987.exe

    • Size

      827KB

    • MD5

      2b2c6d2857d5442e1d38a724c05d17fd

    • SHA1

      99ae73718cb56d9dbc6bf61773ae3994cce55d58

    • SHA256

      36108347fe6895016fba031c06791828e168f88c3199e683710874bd05173987

    • SHA512

      c26fdae3a71521da9966cb3c331642090a2799aabbce33fbf79038137dac4b63386a5c824698623b231d9dde8e29b03d089a4fa1c9e087e700666bb1132c1da6

    • SSDEEP

      24576:myeFxsRdrM54UNouOIKS3W91gvuR1ckxA2cZEC:1qQqGUNomKS3W9pYk+2cZ

    Score
    10/10
    evasionpersistencetrojanredlineinfostealerstealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks