redline | efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17 | Triage

Sharing

General

Target

efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
Size

1.2MB
Sample

230507-j81pkabg7v
MD5

96eae8be1b3792540da3007213b973b6
SHA1

a04773fdeec1ccfadcf34911167c2e3801b65f88
SHA256

efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
SHA512

5eaf912b933b8e797f352f177d0b0febe9d29ffd9764b4c58173ad9a90d1ba19dfdd39209fb56ead8521a5b82478eff5e5b84d20adc6317e61df71db6bb8c7f4
SSDEEP

24576:LywySlEXKNfuhB5Tiisba8Mitzbjze4MsSo4WGPKYl2gMgKe:+w/vfug3aupS4j+Pvl2gM

Score

10^/10

redline lisa evasion infostealer persistence stealer trojan

Malware Config

Extracted

Family

redline

Botnet

lisa

C2

185.161.248.73:4164

Attributes

auth_value
c2dc311db9820012377b054447d37949

Targets

- Target
  
  efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
- Size
  
  1.2MB
- MD5
  
  96eae8be1b3792540da3007213b973b6
- SHA1
  
  a04773fdeec1ccfadcf34911167c2e3801b65f88
- SHA256
  
  efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
- SHA512
  
  5eaf912b933b8e797f352f177d0b0febe9d29ffd9764b4c58173ad9a90d1ba19dfdd39209fb56ead8521a5b82478eff5e5b84d20adc6317e61df71db6bb8c7f4
- SSDEEP
  
  24576:LywySlEXKNfuhB5Tiisba8Mitzbjze4MsSo4WGPKYl2gMgKe:+w/vfug3aupS4j+Pvl2gM
Score

10^/10

redline lisa evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelisaevasioninfostealerpersistencetrojan

behavioral2

redlinelisaevasioninfostealerpersistencestealertrojan