General
Target: 9fa40cad7f5a974746469a39d578e049983fc65695a73ec938bb2f824ccb567b.bin
Size: 1.5MB
Sample: 230505-xdafsaee27
MD5: deb08cbeccf103e812bd85bc63acb676
SHA1: a7ccdabf1a275ab4ab32825f7dfbef8a2d54e7b4
SHA256: 9fa40cad7f5a974746469a39d578e049983fc65695a73ec938bb2f824ccb567b
SHA512: c20cdad81514b24e635548d9cd30d945c83db08ab3689cd627c8778a640ddb716b55372abe9097d562a8cb4561144689384069f26dfbbcdf64905e4771c80fa7
SSDEEP: 24576:fy1omlOeK9SDBmLeVw8TOKEOHFmI8j+Y8bmnQjJQ/vT9M0shUtAZXGMRDOxKMJv:q+PeKsBmPgLEYF78jVSmwG2yeG1
Static task: static1
Behavioral task: behavioral1
Sample: 9fa40cad7f5a974746469a39d578e049983fc65695a73ec938bb2f824ccb567b.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 9fa40cad7f5a974746469a39d578e049983fc65695a73ec938bb2f824ccb567b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Extracted: redline
Botnet: life
C2: 185.161.248.73:4164
auth_value: 8685d11953530b68ad5ec703809d9f91
Extracted: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Targets
Target: 9fa40cad7f5a974746469a39d578e049983fc65695a73ec938bb2f824ccb567b.bin
Size: 1.5MB
Signatures
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application