redline | 1aa6211a075d828327681307b51741b8c931514c1a387fb45f9d9cc8fcfb8acd | Triage

Submit
Reports

Overview

overview

Static

static

Redline Stealer.rar

windows7-x64

3

Redline Stealer.rar

windows10-2004-x64

Sharing

General

Target

Redline Stealer.rar
Size

1.9MB
Sample

240629-w21gfawdmj
MD5

804930714f5da20e35e42cd74c195a4e
SHA1

bbb8cd45f3a8504e40d832bf6edd6befa0f21da2
SHA256

1aa6211a075d828327681307b51741b8c931514c1a387fb45f9d9cc8fcfb8acd
SHA512

cf36e07550531e4683a13bd9903c3bc24fc2a7937837160963e6afd63f120bd0b78d7b9c576f356e954b5fe6dfe2857957c71dc31d100d8cc824495333679e30
SSDEEP

49152:cGgYV/h2P1tXK/zYhv/5B+sE1Icb+ehyl30ynqkL:cGge2PzXK/e//+sE1da31L

Score

10^/10

redline evasion infostealer persistence privilege_escalation

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Redline Stealer.rar

Resource

win7-20240611-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Redline Stealer.rar

Resource

win10v2004-20240508-en

redline evasion infostealer persistence privilege_escalation

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Redline Stealer.rar
- Size
  
  1.9MB
- MD5
  
  804930714f5da20e35e42cd74c195a4e
- SHA1
  
  bbb8cd45f3a8504e40d832bf6edd6befa0f21da2
- SHA256
  
  1aa6211a075d828327681307b51741b8c931514c1a387fb45f9d9cc8fcfb8acd
- SHA512
  
  cf36e07550531e4683a13bd9903c3bc24fc2a7937837160963e6afd63f120bd0b78d7b9c576f356e954b5fe6dfe2857957c71dc31d100d8cc824495333679e30
- SSDEEP
  
  49152:cGgYV/h2P1tXK/zYhv/5B+sE1Icb+ehyl30ynqkL:cGge2PzXK/e//+sE1da31L
Score

10^/10

redline evasion infostealer persistence privilege_escalation
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlineevasioninfostealerpersistenceprivilege_escalation

© 2018-2024

Terms | Privacy