General
Target: a16fea433086850b5b163b7a63aac35746a0a0433441c54d3f81633387f42e77.bin
Size: 1.2MB
Sample: 230505-xd894sef22
MD5: 83dee979c7cd27011928bcac0a593517
SHA1: 1f9d7b35308de4049ef51ba7d7b4016d6b43f147
SHA256: a16fea433086850b5b163b7a63aac35746a0a0433441c54d3f81633387f42e77
SHA512: a33e53594007111f0cc4df0bfe63083912f82bbf67e7358175a69a1e372567458420587fd177e1b8a3f59dcebf67b4bc521f68cbaedf0a32225ccf251703f158
SSDEEP: 24576:ey1fa0k6LmhCU2PfNnKBnO/8QUxqNge48PHDbZNloYuk6IHcdnrNJ:tFfk6Lm10fsU0pxiHH5tuN
Static task: static1

Behavioral task: behavioral1
Sample: a16fea433086850b5b163b7a63aac35746a0a0433441c54d3f81633387f42e77.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: a16fea433086850b5b163b7a63aac35746a0a0433441c54d3f81633387f42e77.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07

Extracted: redline
Botnet: life
C2: 185.161.248.73:4164
auth_value: 8685d11953530b68ad5ec703809d9f91
Targets
Target: a16fea433086850b5b163b7a63aac35746a0a0433441c54d3f81633387f42e77.bin
Size: 1.2MB
MD5: 83dee979c7cd27011928bcac0a593517
SHA1: 1f9d7b35308de4049ef51ba7d7b4016d6b43f147
SHA256: a16fea433086850b5b163b7a63aac35746a0a0433441c54d3f81633387f42e77
SHA512: a33e53594007111f0cc4df0bfe63083912f82bbf67e7358175a69a1e372567458420587fd177e1b8a3f59dcebf67b4bc521f68cbaedf0a32225ccf251703f158
SSDEEP: 24576:ey1fa0k6LmhCU2PfNnKBnO/8QUxqNge48PHDbZNloYuk6IHcdnrNJ:tFfk6Lm10fsU0pxiHH5tuN
Score: 10/10

Signatures:
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application