General
Target: a714ae161319bab7c2b8fa0324e5d581ff2566ca47d6997de4ba99afff9f9343.bin
Size: 1.5MB
Sample: 230505-xhm8fafa84
MD5: 5786f8c92a6d7d4f32809152fc022605
SHA1: 36de3ffa3fbf932a8b412726e049ac9cbd82cb29
SHA256: a714ae161319bab7c2b8fa0324e5d581ff2566ca47d6997de4ba99afff9f9343
SHA512: 1a9222edfe2077ad59992fc4775895d3a98bb6e2ac86645b428d8463b8d85db3083c67c1a3fd19bec8f05bc373a31f7949400315af0686c9522b944b30b3d171
SSDEEP: 24576:iykOa284IijsbgcikGN9bJ1w9zAj+ciYRsGL+fDQkFNKBMT4qQn2qckR+DD4CfR:J/aH49jsbVs/GrmTKLQkLSMT2n2qjR+5
Static task: static1
Behavioral task: behavioral1
  Sample: a714ae161319bab7c2b8fa0324e5d581ff2566ca47d6997de4ba99afff9f9343.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: a714ae161319bab7c2b8fa0324e5d581ff2566ca47d6997de4ba99afff9f9343.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: most
C2: 185.161.248.73:4164
Attributes
  auth_value: 7da4dfa153f2919e617aa016f7c36008
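The extracted config above is directly actionable: the C2 socket is a network IOC, and the botnet name and auth_value identify the campaign. The following is an added example, not code from the sandbox or from the report's author, showing how to validate the reported host:port, emit a Suricata rule for it, and sweep connection events for contact with the C2. It assumes the C2 is a bare IP:port (true for this config) and uses Sysmon Event ID 3-style field names (dst_ip, dst_port, image) as an assumption; the events it scans are constructed for the demonstration, not taken from the sandbox run.

```python
# Added example (not part of the sandbox report): turn the extracted RedLine
# config into network IOCs and scan connection events for contact with the C2.
# Event field names (dst_ip, dst_port, image) are an assumption modelled on
# Sysmon Event ID 3; SAMPLE_EVENTS are constructed, not from the analysis run.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2: str          # "host:port" exactly as the sandbox reports it
    auth_value: str


# Values copied from the "Malware Config / Extracted" section of this report.
CONFIG = RedLineConfig(
    family="redline",
    botnet="most",
    c2="185.161.248.73:4164",
    auth_value="7da4dfa153f2919e617aa016f7c36008",
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' and validate it; this config's C2 is a bare IPv4:port."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 {c2!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range in C2 {c2!r}")
    # Normalise the address; rejects hostnames and junk such as trailing spaces.
    return str(ipaddress.ip_address(host.strip("[]"))), port_num


def suricata_rule(config: RedLineConfig, sid: int) -> str:
    """Emit a Suricata rule alerting on any outbound TCP flow to the C2 socket."""
    host, port = parse_c2(config.c2)
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"{config.family} C2 contact (botnet {config.botnet})"; '
        f"flow:to_server; sid:{sid}; rev:1;)"
    )


def match_connections(config: RedLineConfig, events: list[dict]) -> list[dict]:
    """Return the events whose destination is exactly the C2 socket."""
    host, port = parse_c2(config.c2)
    hits = []
    for ev in events:
        try:
            dst = str(ipaddress.ip_address(ev["dst_ip"]))
            dport = int(ev["dst_port"])
        except (KeyError, ValueError):
            continue  # malformed event: skip it rather than abort the sweep
        if dst == host and dport == port:
            hits.append(ev)
    return hits


# Constructed Sysmon-3-style events for the demonstration. Only the second
# reaches the C2; the third hits the right host on a different port, and the
# fourth carries an unparsable address and is skipped.
SAMPLE_EVENTS = [
    {"image": "C:\\Windows\\explorer.exe", "dst_ip": "93.184.216.34", "dst_port": 443},
    {"image": "C:\\Users\\Public\\sample.exe", "dst_ip": "185.161.248.73", "dst_port": "4164"},
    {"image": "C:\\Users\\Public\\sample.exe", "dst_ip": "185.161.248.73", "dst_port": 80},
    {"image": "C:\\Windows\\svchost.exe", "dst_ip": "not-an-ip", "dst_port": 4164},
]

if __name__ == "__main__":
    print(suricata_rule(CONFIG, 9000001))
    for hit in match_connections(CONFIG, SAMPLE_EVENTS):
        print("C2 contact from", hit["image"])
```

The matcher compares the normalised destination address and port only; it deliberately does not treat every connection to 185.161.248.73 as a hit, because shared hosting can put unrelated services on the same address, and the port is part of what the config pins down.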
Targets
Target: a714ae161319bab7c2b8fa0324e5d581ff2566ca47d6997de4ba99afff9f9343.bin
Size: 1.5MB
MD5: 5786f8c92a6d7d4f32809152fc022605
SHA1: 36de3ffa3fbf932a8b412726e049ac9cbd82cb29
SHA256: a714ae161319bab7c2b8fa0324e5d581ff2566ca47d6997de4ba99afff9f9343
SHA512: 1a9222edfe2077ad59992fc4775895d3a98bb6e2ac86645b428d8463b8d85db3083c67c1a3fd19bec8f05bc373a31f7949400315af0686c9522b944b30b3d171
SSDEEP: 24576:iykOa284IijsbgcikGN9bJ1w9zAj+ciYRsGL+fDQkFNKBMT4qQn2qckR+DD4CfR:J/aH49jsbVs/GrmTKLQkLSMT2n2qjR+5
Score: 10/10
Signatures
- Detects Redline Stealer samples: this rule detects the presence of RedLine Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application