General
Target: config (1).exe.bin
Size: 63.9MB
Sample: 230501-w6r1vsef8z
MD5: 5908e3e43cd13a7817ebc00e84726011
SHA1: 2bb84721c2a5599bf0d10f1478abff751ed63287
SHA256: fee404652393a455c84216d7c761c369b4a560401d4016911d247dcd78b2a81b
SHA512: fafb2e54bf38c43fb5cdea0ddd8b1e6ad58ac72b8c53ae2f62ad3cf2dd8f89d37741348098ff648230968e741e3f33bbc04da6649e52edb25a9e8f1cd526f2d4
SSDEEP: 1572864:WjddrbW1laQ3/mx+LeHP79ZN7ER0H93h2XXo4oI:KfWWQ3K2wPJr6O5CXF7
Static task: static1
Behavioral task: behavioral1
  Sample: config (1).exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: config (1).exe
  Resource: win10v2004-20230220-en
Malware Config

Targets
Target: config (1).exe.bin
Score: 10/10

Signatures:
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL