General
Target: 4256c5169b6fd623f7316628c9ce97a62cead05c0f82a3b9c49670d777d25b26
Size: 1.4MB
Sample: 230505-wy5a8acf97
MD5: 18924a125ee1b05678190b04cd722c91
SHA1: 3c0bf3322223eb8b994206545aeb9aaa064a3e63
SHA256: 4256c5169b6fd623f7316628c9ce97a62cead05c0f82a3b9c49670d777d25b26
SHA512: 6de592585dfa93c134140015eb29d1e4a04fa69ee8f8974b2690886a8b71ba5649a8b3bb9183bc9b3bf4a20a6dc7451e1b4b7d8a244309b7b505bcfbd4cdb3e1
SSDEEP: 24576:EyeGzwdLubtYvYfCwrhoIrTjUm9GHLtNIu9OAnvTfSo1+4WMA8H1aTU1TzA:T/z2LubcYawdHcm9GrttOYvZg4WwVAC
Static task: static1
Behavioral task: behavioral1
  Sample: 4256c5169b6fd623f7316628c9ce97a62cead05c0f82a3b9c49670d777d25b26.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 4256c5169b6fd623f7316628c9ce97a62cead05c0f82a3b9c49670d777d25b26.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxbi
185.161.248.73:4164
auth_value: 6aa7dba884fe45693dfa04c91440daef
Targets
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application