General
Target: cc dumper.exe.bin
Size: 69.1MB
Sample: 230501-w2lchsed7s
MD5: 478709030e5d3855f49f91a7a25d4966
SHA1: a2d4759a8400826ef33f53cfdfb5c360abfc35b3
SHA256: 8da2b336323df69f79a88ce0debd83296f1e621b41ce4248573bc1bf22c270f3
SHA512: 5af417ac7542154a9186411e13103bd3f94b60c99108f3b7e2872d1799973b368b5dd595fb9d2fb11bf0c26e424d763ae744f167e60025fdfbee273e1e59a4e5
SSDEEP: 1572864:AjddGv6A4akxPU9ZKlJBthhAQaRAVvhHUzqkbeIq6o3Lu7Cym0Lc:4GvBL0PUzKlHzmQ++Z8qkbeIqz3LuXLc
Static task: static1
Behavioral task: behavioral1 (sample: cc dumper.exe, resource: win7-20230220-en)
Behavioral task: behavioral2 (sample: cc dumper.exe, resource: win10v2004-20230220-en)
Malware Config
Targets
Score: 10/10
Signatures:
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2