General
Target: 8be053698b6c842a1917bab42490cc017c0ad7ec24270185d5fb38bd78fe2f8b
Size: 1.3MB
Sample: 230505-w83v5sea29
MD5: 99decfaf7600c14ebc9822ca2e395893
SHA1: b12938892f11aedaee95acc8e53bc8919225de55
SHA256: 8be053698b6c842a1917bab42490cc017c0ad7ec24270185d5fb38bd78fe2f8b
SHA512: f54cd8264b68000bdbe69da45e9189dfb115f576b8fa018a8b9a44b5d905c3f4d85c2749f44c6a8d7b8eec529a0a75d56e15c56531143c3856a03b5b2b3d5a5c
SSDEEP: 24576:fyHWKaBMhdxcuc6He0I74795uiFId4jhedqYHPa4AKwvz:q2ctc6HW4RrFIdkwuK
Static task: static1
Behavioral task: behavioral1
  Sample: 8be053698b6c842a1917bab42490cc017c0ad7ec24270185d5fb38bd78fe2f8b.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 8be053698b6c842a1917bab42490cc017c0ad7ec24270185d5fb38bd78fe2f8b.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: luser
C2: 185.161.248.73:4164
auth_value: cf14a84de9a3b6b7b8981202f3b616fb
Targets
Target: 8be053698b6c842a1917bab42490cc017c0ad7ec24270185d5fb38bd78fe2f8b
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application