General
-
Target
771d7fed1544b87aba84d6d57697dc31572e612bd8438aaef8725871df21953c
-
Size
587KB
-
Sample
230505-w6nnfadf25
-
MD5
deb77281ed842b9016e8ad45a717fc20
-
SHA1
495da552ecd73a9718a8b4685856cf28ce7bacc0
-
SHA256
771d7fed1544b87aba84d6d57697dc31572e612bd8438aaef8725871df21953c
-
SHA512
d59a80a5c71c98014d0e572e9c8766693da601ef1d6a9218bd53bd06172499b3bb693ec64f3e3e8381a528c77f2896821b8c7f9a5fd86b90773ec21e6cd15655
-
SSDEEP
12288:aMrDy90n1x4/qjUhl9m+32MTS8hdOSVrlesoK:JyOSqAhlz1TSAF5
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
771d7fed1544b87aba84d6d57697dc31572e612bd8438aaef8725871df21953c
-
Size
587KB
-
MD5
deb77281ed842b9016e8ad45a717fc20
-
SHA1
495da552ecd73a9718a8b4685856cf28ce7bacc0
-
SHA256
771d7fed1544b87aba84d6d57697dc31572e612bd8438aaef8725871df21953c
-
SHA512
d59a80a5c71c98014d0e572e9c8766693da601ef1d6a9218bd53bd06172499b3bb693ec64f3e3e8381a528c77f2896821b8c7f9a5fd86b90773ec21e6cd15655
-
SSDEEP
12288:aMrDy90n1x4/qjUhl9m+32MTS8hdOSVrlesoK:JyOSqAhlz1TSAF5
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-