General
-
Target
e9b446ecb2c6af780aea89567ecef28f43349c6dac10594de3b9910d787be042.bin
-
Size
641KB
-
Sample
230501-xmsnqaef28
-
MD5
95e1d154fc6168defc5a47bf9bd69a5f
-
SHA1
1bc08073cf4ba8ad292eda583b372754ae396ef4
-
SHA256
e9b446ecb2c6af780aea89567ecef28f43349c6dac10594de3b9910d787be042
-
SHA512
56b2bd74e4da69d88f424369e77ead9b3de636497ea382a3382e183defb84c43242feacebe5cbdf94704775d7569d4fb2e8e9d9b88f96502a0099f5ad2198ccc
-
SSDEEP
12288:ty90bQHOyyKZT+j+B7QO3gXvlvOWW6j81qbPK3A+J8k+8ao4Sy:ty6QuVi8vp+6j81qbPon8z5o4Sy
Static task
static1
Behavioral task
behavioral1
Sample
e9b446ecb2c6af780aea89567ecef28f43349c6dac10594de3b9910d787be042.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e9b446ecb2c6af780aea89567ecef28f43349c6dac10594de3b9910d787be042.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
e9b446ecb2c6af780aea89567ecef28f43349c6dac10594de3b9910d787be042.bin
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-