General

Target: bf20e07f595a43f0819e69362d26a48d1a102e4683ac09a1c4a628bf85a14520.bin
Size: 1.2MB
Sample: 230505-x14m5sgh53
MD5: 9403b8c9ffbc4c4401a8f657e9786208
SHA1: 090cdbc5ed84a6091fc6fb5950794a384f308842
SHA256: bf20e07f595a43f0819e69362d26a48d1a102e4683ac09a1c4a628bf85a14520
SHA512: 6a5d7b58ffad0cccbda0d7c059b230f588d4a720836a4c9c5addcee2dea51d7cd2f61a101e1df85f5750acc3b8282a3c8df7fcc12337e4be57e89b0481691529
SSDEEP: 24576:lyp/1UeB6/yQ8RTKxp0Z1YsFcY6XiC/WakW9qd0JMAFymoqfZSGb:ATN6/8VMWBWZSCOak8qdSJ1Z
Static task: static1

Behavioral task: behavioral1
  Sample: bf20e07f595a43f0819e69362d26a48d1a102e4683ac09a1c4a628bf85a14520.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: bf20e07f595a43f0819e69362d26a48d1a102e4683ac09a1c4a628bf85a14520.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted
  Family: redline
  Botnet: gena
  C2: 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07

Extracted
  Family: redline
  Botnet: life
  C2: 185.161.248.73:4164
  auth_value: 8685d11953530b68ad5ec703809d9f91
Targets

Target: bf20e07f595a43f0819e69362d26a48d1a102e4683ac09a1c4a628bf85a14520.bin
Size: 1.2MB
MD5: 9403b8c9ffbc4c4401a8f657e9786208
SHA1: 090cdbc5ed84a6091fc6fb5950794a384f308842
SHA256: bf20e07f595a43f0819e69362d26a48d1a102e4683ac09a1c4a628bf85a14520
SHA512: 6a5d7b58ffad0cccbda0d7c059b230f588d4a720836a4c9c5addcee2dea51d7cd2f61a101e1df85f5750acc3b8282a3c8df7fcc12337e4be57e89b0481691529
SSDEEP: 24576:lyp/1UeB6/yQ8RTKxp0Z1YsFcY6XiC/WakW9qd0JMAFymoqfZSGb:ATN6/8VMWBWZSCOak8qdSJ1Z
Score: 10/10

- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application