General

Target: CartoonClassic.rar
Size: 81.4MB
Sample: 230424-w6p69sfe3y
MD5: 1823281d282b4b92516fb48948208547
SHA1: 984eb625d528e7301e1942059e2b815555070380
SHA256: dc1ea6b861d2c4c36abe609c77d3dc79e070b1b454b99e5dfdad40aa30ace1cf
SHA512: 994f26d14ad3a756ba2d3abf80b9b2e6e74a03c3e19638a951aea3204d5c775c7fa1c44569b796629eff1e176f4a16a7ae3005ff102a3dcab1304b2cdedf8efc
SSDEEP: 1572864:k4Wdfp2AFoPHRmjYJt48ggINJH5OLXKaGy08HueAXQ60TWfU0FRl5kll:k4qfxoPHJgL5OLM6n3Wno
Static task: static1

Behavioral task: behavioral1
Sample: CartoonClassic/CartoonClassic.exe
Resource: win10-20230220-en

Behavioral task: behavioral2
Sample: CartoonClassic/CartoonClassic.exe
Resource: win7-20230220-en

Behavioral task: behavioral3
Sample: CartoonClassic/CartoonClassic.exe
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: CartoonClassic/CartoonClassic.exe
Size: 64.0MB
MD5: ef694636fe731c252486c583a110c35f
SHA1: 9e571561fbe9a50ec63147d419c38d0b6b9b94ca
SHA256: 84c9b03576a8f4ae8cea514cadc643d49be7031c5de37c9bacc1b40ef3915ee7
SHA512: 81892677c71a86bea59adc7e3e2adbed1bb73e873f0036ba9fa36b044051c303751597aee7bd8b6059569e1c229037affdcb715d78f48a4508515fad3207d0e1
SSDEEP: 1572864:AjddrbWn/xCDvXbZJoOh4VYgU9PHd5oe3gtwV8s4z7zjayf:4fWnJCLXdVhgYd5fgW6s47jayf
Score: 10/10

Signatures

- Detects Redline Stealer samples: this rule detects the presence of RedLine Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the stealer decides whether to run based on the victim's configured country).
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
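The four behaviour signatures listed above (location lookup, startup-file drop, execution of a dropped EXE, load of a dropped DLL) can be reproduced as a small stateful matcher over a sandbox's file/registry/process trace: the matcher has to remember which files the sample itself wrote before it can say that a later process launch or image load involves a dropped file. The code below is an added example written for this page; it is not Triage's rule engine and not code from the sample. The JSON-lines trace is constructed, and the registry values the geofence rule keys on (Control Panel\International\Geo\Nation, sCountry, LocaleName) are an assumption about what such a check reads, not something the report states.

```python
"""Behaviour-signature matcher for the signatures listed in this report.

Added example: not Triage's own rule logic. The event format and the trace
below are a constructed stand-in for a sandbox's process/file/registry trace,
not output captured from the CartoonClassic.exe run.
"""
from __future__ import annotations

import json
import re

# Constructed JSON-lines trace (invented for the demo, not captured from the
# sample). Each event: who did it, what kind of operation, and the target path
# or registry value. Backslashes are JSON-escaped, so json.loads yields "\".
SAMPLE_TRACE = r"""
{"pid": 1204, "op": "reg_read",       "target": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 1204, "op": "file_write",     "target": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"}
{"pid": 1204, "op": "file_write",     "target": "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"}
{"pid": 1204, "op": "file_write",     "target": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.lnk"}
{"pid": 1204, "op": "process_create", "target": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"}
{"pid": 2280, "op": "image_load",     "target": "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"}
{"pid": 2280, "op": "image_load",     "target": "C:\\Windows\\System32\\kernel32.dll"}
{"pid": 2280, "op": "process_create", "target": "C:\\Windows\\System32\\cmd.exe"}
"""

# Registry values a geofence check typically reads. Assumption: the report does
# not say which value the "Checks computer location settings" rule keys on.
GEO_VALUE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|sCountry|LocaleName)$", re.I
)
# A file created directly in the per-user or all-users Startup folder.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)

SIG_GEO = "Checks computer location settings"
SIG_STARTUP = "Drops startup file"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"


def evaluate(trace: str) -> dict[str, list[str]]:
    """Return {signature name: [matching targets]} for the trace.

    The "dropped" set is the state that makes the last two signatures work:
    a process launch or image load only counts when the path was previously
    written by the sample during the same run.
    """
    dropped: set[str] = set()
    hits: dict[str, list[str]] = {}

    def hit(name: str, target: str) -> None:
        hits.setdefault(name, []).append(target)

    for line in trace.strip().splitlines():
        ev = json.loads(line)
        op, target = ev["op"], ev["target"]
        key = target.lower()  # Windows paths are case-insensitive
        if op == "reg_read" and GEO_VALUE.search(target):
            hit(SIG_GEO, target)
        elif op == "file_write":
            dropped.add(key)
            if STARTUP_DIR.search(target):
                hit(SIG_STARTUP, target)
        elif op == "process_create" and key in dropped and key.endswith(".exe"):
            hit(SIG_EXEC_DROPPED, target)
        elif op == "image_load" and key in dropped and key.endswith(".dll"):
            hit(SIG_LOAD_DROPPED, target)
    return hits


if __name__ == "__main__":
    for name, targets in evaluate(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for t in targets:
            print(f"    {t}")
```

Run against the constructed trace, all four signatures fire once each; the kernel32.dll load and the cmd.exe launch are ignored because neither path was written by the sample. To use this on real data, replace SAMPLE_TRACE with the sandbox's own event export, mapped onto the three fields the matcher reads.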