General

  • Target

    e9a9f5900e3db922068e24197e4fe4462c1df8ff184bc662bc4eedc846383192.bin

  • Size

    694KB

  • Sample

    230501-xmr27agd4x

  • MD5

    350833d78e9db8d00bdfa6761a37b3fc

  • SHA1

    6028a30702af762ba2eac5a09e082b6b4769dbdd

  • SHA256

    e9a9f5900e3db922068e24197e4fe4462c1df8ff184bc662bc4eedc846383192

  • SHA512

    fb17351992022e8f50ab15185591c78d4d3b3942adb776a6f087aaff55dcea1322895fba7d7456db94cc15215c85f71cd68ebcd9520cd83d91b0000de7ca0667

  • SSDEEP

    12288:ly90z+lRbd1CkIzfNnTiRqlniqVdUN0cR/bP5zBjPJBWWrh:lyqwWkMfNWRqlRdUeYbRBTh

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6