General
-
Target
a873f67997cafe8b8abfe69b38422d046d45c932c1398d8152193fe76149ffac.bin
-
Size
651KB
-
Sample
230505-xja99shb9t
-
MD5
a40b35c07dbc3990f44edee5affdfc5d
-
SHA1
e92cede91dc71078290fdcb1153395b57f732956
-
SHA256
a873f67997cafe8b8abfe69b38422d046d45c932c1398d8152193fe76149ffac
-
SHA512
a8fdb3ce984f2d01e2974e93feeaa56eb128669af953880960b489235958d2a2b5b8b3b69ce6dfef33171691f32d0a7f09be833c9af81f9e5ef759594c11f9d7
-
SSDEEP
12288:Ay90qz5VexC7vtJ2Ps7+jPJGEnKNDNAq/vvL+keATzx:AybVVb7vtJ2Ps6jPsNt/rMAzx
Malware Config
Targets
-
-
Target
a873f67997cafe8b8abfe69b38422d046d45c932c1398d8152193fe76149ffac.bin
-
Size
651KB
-
MD5
a40b35c07dbc3990f44edee5affdfc5d
-
SHA1
e92cede91dc71078290fdcb1153395b57f732956
-
SHA256
a873f67997cafe8b8abfe69b38422d046d45c932c1398d8152193fe76149ffac
-
SHA512
a8fdb3ce984f2d01e2974e93feeaa56eb128669af953880960b489235958d2a2b5b8b3b69ce6dfef33171691f32d0a7f09be833c9af81f9e5ef759594c11f9d7
-
SSDEEP
12288:Ay90qz5VexC7vtJ2Ps7+jPJGEnKNDNAq/vvL+keATzx:AybVVb7vtJ2Ps6jPsNt/rMAzx
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-