General

  • Target

    krnl_bootstrapper.exe.bin

  • Size

    1.2MB

  • Sample

    230430-179phseb65

  • MD5

    f14153bbd95fc26d9ccea77c49cf09b9

  • SHA1

    cb59f900711ea751c4322b4dab50fa2c0ee70b33

  • SHA256

    27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

  • SHA512

    7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

  • SSDEEP

    12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu

Malware Config

Targets

    • Target

      krnl_bootstrapper.exe.bin

    • Size

      1.2MB

    • MD5

      f14153bbd95fc26d9ccea77c49cf09b9

    • SHA1

      cb59f900711ea751c4322b4dab50fa2c0ee70b33

    • SHA256

      27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

    • SHA512

      7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

    • SSDEEP

      12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

MITRE ATT&CK Enterprise v6

Tasks