redline | 9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f | Triage

Sharing

General

Target

9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
Size

1.2MB
Sample

230507-fpvsesad25
MD5

2a6461d1a0897525597d3766a00a8a5c
SHA1

c1923c22f97e917a325d2ca55e1bb0f3a0437cc0
SHA256

9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
SHA512

dce95b2999c118d8a09a69e0b8ad903022c3993c11abe49fd8ea6c607f13954e7f8517cac9c5227b87a55cb3444eed2832a7fa410e0e450fa0a52d93f0d7f295
SSDEEP

24576:hyz8CsWyiKQ55wHxQXzMxWeR5YVtZ8FOl1unV:Uz8C5cU5WCITRSVL8mcn

Score

10^/10

redline lisa evasion infostealer persistence stealer trojan

Malware Config

Extracted

Family

redline

Botnet

lisa

C2

185.161.248.73:4164

Attributes

auth_value
c2dc311db9820012377b054447d37949

Targets

- Target
  
  9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
- Size
  
  1.2MB
- MD5
  
  2a6461d1a0897525597d3766a00a8a5c
- SHA1
  
  c1923c22f97e917a325d2ca55e1bb0f3a0437cc0
- SHA256
  
  9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
- SHA512
  
  dce95b2999c118d8a09a69e0b8ad903022c3993c11abe49fd8ea6c607f13954e7f8517cac9c5227b87a55cb3444eed2832a7fa410e0e450fa0a52d93f0d7f295
- SSDEEP
  
  24576:hyz8CsWyiKQ55wHxQXzMxWeR5YVtZ8FOl1unV:Uz8C5cU5WCITRSVL8mcn
Score

10^/10

redline lisa evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelisaevasioninfostealerpersistencetrojan

behavioral2

redlinelisaevasioninfostealerpersistencestealertrojan