General

Target: 45599ce0933ab70eec723fca04e976be74cdcf514483c5c0aa481f3476331410
Size: 709KB
Sample: 230505-wzgljscg52
MD5: 2ef5d29dd22a19098f407e85b0bdfb9f
SHA1: 4870dea4e7672053760445a8cd3199cfc40e46a2
SHA256: 45599ce0933ab70eec723fca04e976be74cdcf514483c5c0aa481f3476331410
SHA512: 7c6d1692268d02fb1f7e82410cd449724a28a0856f6d1da4c5a0cda65521ac024e58f392eb3d8bff6300a9dc237c5229f93bda56ab7cc834915c6d58baafc357
SSDEEP: 12288:CMrly90O43LcbFB1ztP+FMeao4CMP0idL9tDWxmLhkchsdQ/QxqAB2udR:vyl4bcbj7MMqJy/WMGcidQ/GqY

Static task: static1

Behavioral task: behavioral1
Sample: 45599ce0933ab70eec723fca04e976be74cdcf514483c5c0aa481f3476331410.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 45599ce0933ab70eec723fca04e976be74cdcf514483c5c0aa481f3476331410.exe
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: 45599ce0933ab70eec723fca04e976be74cdcf514483c5c0aa481f3476331410
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext