General
Target: 59aa5f28b64e45da0abce596ece4a22db13b25e32ee422108414a16a198dc6af
Size: 480KB
Sample: 230505-w252xsdb37
MD5: 3957b831b25fa1041dd6acf52beb404a
SHA1: fb05ca4cf31168691a3bf11ae47e4e5e6dd05e24
SHA256: 59aa5f28b64e45da0abce596ece4a22db13b25e32ee422108414a16a198dc6af
SHA512: 63117232db4aae92d7adf94002f62d8989c2a4de56da7276ed399c4a2256489944990a24518e988481936dc2ce809135459142c27b3035f58eedf920224ee505
SSDEEP: 12288:AMrBy90U08s2LdXfbyVhgAEhc1ROTFGlJhrRVNtaJ0OpN:xySALBDyE7q1ROhGDhlEJN
Static task: static1

Behavioral task: behavioral1
Sample: 59aa5f28b64e45da0abce596ece4a22db13b25e32ee422108414a16a198dc6af.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 59aa5f28b64e45da0abce596ece4a22db13b25e32ee422108414a16a198dc6af.exe
Resource: win10v2004-20230220-en
Malware Config

Targets
Target: 59aa5f28b64e45da0abce596ece4a22db13b25e32ee422108414a16a198dc6af
Size: 480KB
MD5: 3957b831b25fa1041dd6acf52beb404a
SHA1: fb05ca4cf31168691a3bf11ae47e4e5e6dd05e24
SHA256: 59aa5f28b64e45da0abce596ece4a22db13b25e32ee422108414a16a198dc6af
SHA512: 63117232db4aae92d7adf94002f62d8989c2a4de56da7276ed399c4a2256489944990a24518e988481936dc2ce809135459142c27b3035f58eedf920224ee505
SSDEEP: 12288:AMrBy90U08s2LdXfbyVhgAEhc1ROTFGlJhrRVNtaJ0OpN:xySALBDyE7q1ROhGDhlEJN

Signatures
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.