General
-
Target
krnl_bootstrapper.exe.bin
-
Size
1.2MB
-
Sample
230430-179phseb65
-
MD5
f14153bbd95fc26d9ccea77c49cf09b9
-
SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33
-
SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
-
SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
-
SSDEEP
12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu
Static task
static1
Behavioral task
behavioral1
Sample
krnl_bootstrapper.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
krnl_bootstrapper.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
krnl_bootstrapper.exe.bin
-
Size
1.2MB
-
MD5
f14153bbd95fc26d9ccea77c49cf09b9
-
SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33
-
SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
-
SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
-
SSDEEP
12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-