General
-
Target
ea3fcd492f31fc5b066f9f62feae31ec.bin.bin
-
Size
63.9MB
-
Sample
230501-xna53agd61
-
MD5
ea3fcd492f31fc5b066f9f62feae31ec
-
SHA1
f7b760ed0b08d5841a561a2b28a832b28ed5143d
-
SHA256
c340f05e26acbe44199c926f2a14757055bd697b7d3a9a2546fb457aa93d165a
-
SHA512
e58ce546b6d2e694bf664a814bbb99b0438b35acfd12f0c1d55db2a13a68520c2b9fd55f8f4efd94a8b0836bbfe9d161d0472f0e75e2a6212eb97566204922b0
-
SSDEEP
1572864:7jddrbWxtdkqEy+zIO7aYjxUUYorndzVmtbXAwdf:/fWxDKy+zIO7V+obVV2bXAgf
Malware Config
Targets
-
-
Target
ea3fcd492f31fc5b066f9f62feae31ec.bin.bin
-
Size
63.9MB
-
MD5
ea3fcd492f31fc5b066f9f62feae31ec
-
SHA1
f7b760ed0b08d5841a561a2b28a832b28ed5143d
-
SHA256
c340f05e26acbe44199c926f2a14757055bd697b7d3a9a2546fb457aa93d165a
-
SHA512
e58ce546b6d2e694bf664a814bbb99b0438b35acfd12f0c1d55db2a13a68520c2b9fd55f8f4efd94a8b0836bbfe9d161d0472f0e75e2a6212eb97566204922b0
-
SSDEEP
1572864:7jddrbWxtdkqEy+zIO7aYjxUUYorndzVmtbXAwdf:/fWxDKy+zIO7V+obVV2bXAgf
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-