redline | f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce | Triage

Sharing

General

Target

f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
Size

1.2MB
Sample

230507-kgavhabb25
MD5

b2ef90e9c20df0c02c7026e4c7bcb923
SHA1

23b3d26267a98c6d56540d463e8d46f6cba1a326
SHA256

f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
SHA512

0e528c77274613406cd34628f4b09c3dcfbf1ca2c203510ea2c1d6219e31bee2e39dbe03db9ca74612d0032e9f499c6f1115fb0f3dd3f118524757f87a662d12
SSDEEP

24576:nynQAnh/kVAMhhJ5kS0zp99asNBp/u3SrGFYblOyQBsWKwKaqe3uK:ynH/BMhVR0V9rNfuixEIJ6

Score

10^/10

redline lisa evasion infostealer persistence stealer trojan

Malware Config

Extracted

Family

redline

Botnet

lisa

C2

185.161.248.73:4164

Attributes

auth_value
c2dc311db9820012377b054447d37949

Targets

- Target
  
  f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
- Size
  
  1.2MB
- MD5
  
  b2ef90e9c20df0c02c7026e4c7bcb923
- SHA1
  
  23b3d26267a98c6d56540d463e8d46f6cba1a326
- SHA256
  
  f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
- SHA512
  
  0e528c77274613406cd34628f4b09c3dcfbf1ca2c203510ea2c1d6219e31bee2e39dbe03db9ca74612d0032e9f499c6f1115fb0f3dd3f118524757f87a662d12
- SSDEEP
  
  24576:nynQAnh/kVAMhhJ5kS0zp99asNBp/u3SrGFYblOyQBsWKwKaqe3uK:ynH/BMhVR0V9rNfuixEIJ6
Score

10^/10

redline lisa evasion infostealer persistence trojan stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelisaevasioninfostealerpersistencetrojan

behavioral2

redlinelisaevasioninfostealerpersistencestealertrojan