General
-
Target
cef4a6a3209c6100938b42e902c1fcc326cd3e156c867faca962337ec639a276.bin
-
Size
1.1MB
-
Sample
230501-w4r8vada34
-
MD5
8d8e179bdae07692d6154b21bc3b94d7
-
SHA1
7cb18387ee217a2a5d5dc5e185b7c9eb173d9199
-
SHA256
cef4a6a3209c6100938b42e902c1fcc326cd3e156c867faca962337ec639a276
-
SHA512
485f2a14cb6ddb6e8a439f732ea78b16945f5aa59ff0801ad924c27c4a8e6336cbdb55c00c611e30c3d9f90a0bba77dc649f79b1cab4bd739ffa9b56434dd2d5
-
SSDEEP
24576:oyTSPVdM+ESpvJEYX6rZ9LV8iKeYGNmezyh:vOV2x6vJEYc9LaeJQH
Malware Config
Targets
-
-
Target
cef4a6a3209c6100938b42e902c1fcc326cd3e156c867faca962337ec639a276.bin
-
Size
1.1MB
-
MD5
8d8e179bdae07692d6154b21bc3b94d7
-
SHA1
7cb18387ee217a2a5d5dc5e185b7c9eb173d9199
-
SHA256
cef4a6a3209c6100938b42e902c1fcc326cd3e156c867faca962337ec639a276
-
SHA512
485f2a14cb6ddb6e8a439f732ea78b16945f5aa59ff0801ad924c27c4a8e6336cbdb55c00c611e30c3d9f90a0bba77dc649f79b1cab4bd739ffa9b56434dd2d5
-
SSDEEP
24576:oyTSPVdM+ESpvJEYX6rZ9LV8iKeYGNmezyh:vOV2x6vJEYc9LaeJQH
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-