redline

General

Target

32635fb3b78dfdd743f8397d234f64492de0513692c3c6c327c17530edda29c8.bin
Size

1.2MB
Sample

230507-a684gseb32
MD5

adeb3cf19fc631417662a75dfcf2333d
SHA1

c2308d6e37057d7ed8257eccd9734327b7a37525
SHA256

32635fb3b78dfdd743f8397d234f64492de0513692c3c6c327c17530edda29c8
SHA512

a6c66a5ff87889797e73e2db03ea83688a9c7f0a7cf4e7239ae6ce8cf748c191a250bf558801e1b9e8ac3b49022464dfc82bf5891283b324e28f81db5445b7ee
SSDEEP

24576:NcfsVIKzRLTr3vkFjAacR3lMERO6s0fYK++YSYuugo4cyC/:Nc+I8X8FjAacEER9NYK+lngo4cyC

Score

10^/10

Malware Config

Targets

- Target
  
  32635fb3b78dfdd743f8397d234f64492de0513692c3c6c327c17530edda29c8.bin
- Size
  
  1.2MB
- MD5
  
  adeb3cf19fc631417662a75dfcf2333d
- SHA1
  
  c2308d6e37057d7ed8257eccd9734327b7a37525
- SHA256
  
  32635fb3b78dfdd743f8397d234f64492de0513692c3c6c327c17530edda29c8
- SHA512
  
  a6c66a5ff87889797e73e2db03ea83688a9c7f0a7cf4e7239ae6ce8cf748c191a250bf558801e1b9e8ac3b49022464dfc82bf5891283b324e28f81db5445b7ee
- SSDEEP
  
  24576:NcfsVIKzRLTr3vkFjAacR3lMERO6s0fYK++YSYuugo4cyC/:Nc+I8X8FjAacEER9NYK+lngo4cyC
Score

10^/10

evasion persistence trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Detects Redline Stealer samples

Modifies Windows Defender Real-time Protection settings

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2