General
-
Target
e20a28ad7136fa6cbca0f95e9ffbf79ede5df19b259de0d228ab55929afe8c56.bin
-
Size
752KB
-
Sample
230501-xhfhlafh4y
-
MD5
22d12ad74b2b75d79d7251ce58c8d326
-
SHA1
ebace4eadaa467ca74a7c3233ce53d09500b557a
-
SHA256
e20a28ad7136fa6cbca0f95e9ffbf79ede5df19b259de0d228ab55929afe8c56
-
SHA512
ccebe5d91458cf76794be63ee37b212f7862d72c61721172a26dea160941812026a18de354937e057db2039b7fe3457a5508f6308cf766f81532cad7ace7d945
-
SSDEEP
12288:5y90ZDnlgoEVkubH8vAjLli6m5dZCxd6nfW/6Vigqr7:5yaDlN4kTvAvgh5dZ0knmC3qr7
Static task
static1
Behavioral task
behavioral1
Sample
e20a28ad7136fa6cbca0f95e9ffbf79ede5df19b259de0d228ab55929afe8c56.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e20a28ad7136fa6cbca0f95e9ffbf79ede5df19b259de0d228ab55929afe8c56.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-