General
-
Target
spacers.rar
-
Size
49.7MB
-
Sample
230323-wq337abc61
-
MD5
de2b44a0861c042fa9b3ac834fbff29f
-
SHA1
c548d13db5a21334548a5c17c731589d2fc4ab3f
-
SHA256
976720afe175302ed867552d4394dda2a81b48c60aaeecb2f18670f2d088965a
-
SHA512
de198718452b2c6a7a9fe537a791564e12d5b73acc4ce94d531d5fdec05ad281ebd659622a43305b153072851a2cdfe455e1647b9fe752570199f2af7cd5fbe8
-
SSDEEP
1572864:ONSaQOB+m8bUIgg4O+gEDvhct+bNUti8XI2pzFE:zaSHgg4OXEC+eXE
Malware Config
Targets
-
-
Target
spacers.exe
-
Size
49.7MB
-
MD5
14e88f3d860d7ef94ee08fc75d1c28c6
-
SHA1
023106e71b10420b92b38a7de84c4ec2697a2d8c
-
SHA256
4ef78853de2bb0a5fc0a33169e6eaadc3f7ff38c3ddf36d4a0027868d7794f00
-
SHA512
332d8ac58d9733bab8cb077f01d46bcef2f3eb6ce9784fd20fb80c26397036b9e9420801a397a2622c926092a46c889b61261ba337a2da5968def048505cb3a1
-
SSDEEP
786432:qGnd/dy3AhJaImW2kU4ppjs6LB3voEzazSmlVZanNJqgduQsesfFeO/dwDn6o9Ca:O3PW2kVY6JroVZYJqrHeOyCOodID7
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-