General
-
Target
a4b849ce61d262c91fc8527d50c458973f1f2180771781d231accf3aacb93979
-
Size
792KB
-
Sample
230505-xf825agh7z
-
MD5
02f082b2c7a0b9105b1f1616cb5725f5
-
SHA1
3db6a20c25deb4432c8cb2a89b8c82bce6514708
-
SHA256
a4b849ce61d262c91fc8527d50c458973f1f2180771781d231accf3aacb93979
-
SHA512
1beddb2c6745ceaac61f56f39b5ed5c05473f2296f8a3954b6c29cbca4bb104ab2a6181ecd33de973b80223eb436978648c2b97fdb50213f72a3a8880771e5c7
-
SSDEEP
12288:My906XwWBdyozf3b0lGIUxUFf40RxH1STTn65JM34qe0wMEutfM4x1iXj4Zy:MypXhzfr+GpW50i0NffntiXj4k
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
a4b849ce61d262c91fc8527d50c458973f1f2180771781d231accf3aacb93979
-
Size
792KB
-
MD5
02f082b2c7a0b9105b1f1616cb5725f5
-
SHA1
3db6a20c25deb4432c8cb2a89b8c82bce6514708
-
SHA256
a4b849ce61d262c91fc8527d50c458973f1f2180771781d231accf3aacb93979
-
SHA512
1beddb2c6745ceaac61f56f39b5ed5c05473f2296f8a3954b6c29cbca4bb104ab2a6181ecd33de973b80223eb436978648c2b97fdb50213f72a3a8880771e5c7
-
SSDEEP
12288:My906XwWBdyozf3b0lGIUxUFf40RxH1STTn65JM34qe0wMEutfM4x1iXj4Zy:MypXhzfr+GpW50i0NffntiXj4k
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-