General

Target: build.exe.bin
Size: 1.6MB
Sample: 230430-1t62gafb31
MD5: b9f2fa88ff45494841e2d3524399f739
SHA1: f40a07e14c39422e36eb89fd64fef8b4118ed1cd
SHA256: 39bd23b6d268ae61e57c312aedcb8f7c061b957d2ef3e94d74e916ff9de12ad4
SHA512: c3012238edcdfa790e4002b5e38ae2791cc41b51c36412be87ddd11c0a584cd677855d9746caa4f39c82ce7d50c99a23f90577f6abe3b2363cdd39573eb57689
SSDEEP: 24576:T+i2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLDH:FTq24GjdGSiqkqXfd+/9AqYanieKd
Behavioral tasks

behavioral1: sample build.exe, resource win7-20230220-en
behavioral2: sample build.exe, resource win10v2004-20230220-en
Malware Config
Targets

Target: build.exe.bin
Size: 1.6MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values in the General section above
Score: 10/10

Signatures:
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Legitimate hosting services abused for malware hosting/C2
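An IOC matcher for the hashes this report lists, as an added example rather than output of the sandbox or code belonging to the sample: it computes MD5, SHA1, SHA256 and SHA512 of a file in a single streaming pass, reports which of the report's digests match, and can walk a directory of suspect files. The candidate file in the entry point is a constructed placeholder, not the real build.exe.bin; the rounded "1.6MB" size is deliberately not compared because the report does not give an exact byte count.

```python
"""IOC matcher for the hashes listed in this report (added example, not part of the sandbox output)."""
import hashlib
import io
import os
from typing import BinaryIO, Dict, Set

# Digests copied from the report above (MD5/SHA1/SHA256/SHA512 of build.exe.bin).
IOC_HASHES: Dict[str, str] = {
    "md5": "b9f2fa88ff45494841e2d3524399f739",
    "sha1": "f40a07e14c39422e36eb89fd64fef8b4118ed1cd",
    "sha256": "39bd23b6d268ae61e57c312aedcb8f7c061b957d2ef3e94d74e916ff9de12ad4",
    "sha512": "c3012238edcdfa790e4002b5e38ae2791cc41b51c36412be87ddd11c0a584cd677855d9746caa4f39c82ce7d50c99a23f90577f6abe3b2363cdd39573eb57689",
}


def hash_stream(fobj: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests in one pass over a binary stream.

    Reading in chunks keeps memory flat for large samples; every hasher is fed
    the same block, so the file is read only once.
    """
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    while True:
        block = fobj.read(chunk_size)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (e.g. a file carved from a capture)."""
    return hash_stream(io.BytesIO(data))


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = IOC_HASHES) -> Set[str]:
    """Return the algorithm names whose digest equals the IOC value (hex compared case-insensitively).

    A genuine hit on this exact build matches all four names. A partial result
    (say only "md5") means the indicator list and the file disagree and should be
    investigated rather than trusted: a consistent sample matches every algorithm or none.
    """
    return {name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()}


def scan_directory(root: str) -> Dict[str, Set[str]]:
    """Walk `root` and map each file matching at least one IOC hash to the algorithms that matched."""
    hits: Dict[str, Set[str]] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            try:
                with open(path, "rb") as f:
                    matched = match_iocs(hash_stream(f))
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the scan
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    # Constructed stand-in for a file under triage; it is NOT the real sample, so it will not match.
    candidate = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not build.exe"
    digests = hash_bytes(candidate)
    print("sha256 of candidate:", digests["sha256"])
    print("matching IOC algorithms:", match_iocs(digests) or "none")
```

Exact-hash matching only identifies this specific build. A repacked or re-obfuscated variant will miss on all four algorithms, which is why the report also carries an SSDEEP fuzzy hash and a string-based RedLine rule; use those (with a fuzzy-hashing library such as ssdeep, not used here) when hunting for related samples rather than this one file.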