General
- Target: de815d3933adf5ca9c5ac4d429fd6224eb8d5bb363906a050d15c97aea24fc55.bin
- Size: 1.1MB
- Sample: 230501-xeszhsff21
- MD5: aec9c061f5c173c4f42398b07708cc6c
- SHA1: 6d975edd1c99575c56763917ce8c5489aa063093
- SHA256: de815d3933adf5ca9c5ac4d429fd6224eb8d5bb363906a050d15c97aea24fc55
- SHA512: 26f3164a856caa452ad1bec811ea277a150fb254f81dc8b2ecd069246af65739aa164980a8529e06e00c3f52b6ab9e7a68121566028cc28a8f6b7868745e42c0
- SSDEEP: 24576:fyk2wrhAqpMOaIjxXQN9mPY1AeCaM9Fovl2kzNuk/no4NR:qkN7pSIjdQrYYZCa0wbxuk/o4
Static task
- static1

Behavioral task
- behavioral1
  - Sample: de815d3933adf5ca9c5ac4d429fd6224eb8d5bb363906a050d15c97aea24fc55.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: de815d3933adf5ca9c5ac4d429fd6224eb8d5bb363906a050d15c97aea24fc55.exe
  - Resource: win10v2004-20230220-en
Malware Config
Targets
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext