General

  • Target

    krnl_beta.exe.bin

  • Size

    1.8MB

  • Sample

    230430-179drafh6t

  • MD5

    3701dc535fb395d6a1fb557a3aeec5e9

  • SHA1

    ef517659229ddc6ecfc02481c3953ac9322dae35

  • SHA256

    ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

  • SHA512

    20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

  • SSDEEP

    49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Malware Config

Targets

    • Target

      krnl_beta.exe.bin

    • Size

      1.8MB

    • MD5

      3701dc535fb395d6a1fb557a3aeec5e9

    • SHA1

      ef517659229ddc6ecfc02481c3953ac9322dae35

    • SHA256

      ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

    • SHA512

      20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

    • SSDEEP

      49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks