General
- Target: fb28af147c1161ac6487203c5c06dc2d79132900c7eea40b9323457be3842bbb.bin
- Size: 1.2MB
- Sample: 230501-x4yajahe2y
- MD5: 9f2041212db6a0d60f09fc6ab6a6cf20
- SHA1: 0b57cac83a12a30d594555ef2fbc9b0b5249d432
- SHA256: fb28af147c1161ac6487203c5c06dc2d79132900c7eea40b9323457be3842bbb
- SHA512: bfddb4070e4ca1345b8f4c539c850c5ec7990e3405ac5252b93a5472f7209c7f451e73250b2951f4f4a3cb5556e66f7644c7a77515cce2a43cb93d5ec7ffb5d5
- SSDEEP: 24576:ou0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:V0+BshUC1VzUjjPP0/
Static task: static1
Behavioral task: behavioral1
- Sample: fb28af147c1161ac6487203c5c06dc2d79132900c7eea40b9323457be3842bbb.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: fb28af147c1161ac6487203c5c06dc2d79132900c7eea40b9323457be3842bbb.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application