General
- Target: 865a03692e1066fd4c9eb1a864392f53adca9da267be24706f001faeaf1cddc9
- Size: 599KB
- Sample: 230505-w8e43sdh43
- MD5: efc53e2d92e93568c1352fa1547c384d
- SHA1: 295616a40bf28b8c39535aea96f0bfb3c04328ca
- SHA256: 865a03692e1066fd4c9eb1a864392f53adca9da267be24706f001faeaf1cddc9
- SHA512: f3e5a7048c79071f8cbe7de6bba80bf7679754304d36fffa9342b012c808868d6796ac0373144ae8c394506fb6f95e644ed4ce376587a765024200814043a1dc
- SSDEEP: 12288:AMrMy90JiMhibVVE4AqoKkgsc5mviiXGMJxMLKb/j39LOm3LPUCO3f6:cy2i4kALKrsc5mqexKKbLQm7PrO3C
Static task
- static1
Behavioral task
- behavioral1
  Sample: 865a03692e1066fd4c9eb1a864392f53adca9da267be24706f001faeaf1cddc9.exe
  Resource: win7-20230220-en
Behavioral task
- behavioral2
  Sample: 865a03692e1066fd4c9eb1a864392f53adca9da267be24706f001faeaf1cddc9.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.