General
Target: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686.bin
Size: 1.1MB
Sample: 230501-xjdemaga3v
MD5: cb3361883743170c0155cda12ada9348
SHA1: 3ef933ed740e61f9b9a895ab532bec382fc9eb8b
SHA256: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686
SHA512: dd959101c759956f718b0165ea2de4941e876cffb511130a016ce13d0bbd58a78c0614d31d3584c10e5a9175f7eeaa3dd0f958a9123244fc6f5e907157c23831
SSDEEP: 24576:NyMJllRzuf7Ks7tjtXVpMjQ9wjnIk2dZNAtW+as:ooNqGajxVpCxzd8n2
Static task: static1
Behavioral task: behavioral1
Sample: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: e3a7e167990a6da26cd64b33a9d678b9874cbc2f180446d72ff9413fff6e0686.exe
Resource: win10v2004-20230221-en
Malware Config
Targets
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext