General
-
Target
aa7daba1657a62aac426317f4a069db1.exe
-
Size
1.2MB
-
Sample
230505-xkg47shd4s
-
MD5
aa7daba1657a62aac426317f4a069db1
-
SHA1
370a1c790d3e3dfd7b4cc535e225eb53667689e5
-
SHA256
9404c1b483cfb08ebefacedc12657788826b8c36f59dc379efde17c1ce5eb59a
-
SHA512
0526904b6b91bf2e274931eb41755982fdc03277bf6d5e3ccf90a105a7eb3b503f6d9ab59e9491c16d8ec1358702eb78ea536368a46bfee71e2be8a2bd9556f4
-
SSDEEP
24576:OyfOWI5DowpDRdt7iBnfYFvBzmYiydvb1mf+HRN:doR77iBkvBzmZydT1mf+HR
Malware Config
Targets
-
-
Target
aa7daba1657a62aac426317f4a069db1.exe
-
Size
1.2MB
-
MD5
aa7daba1657a62aac426317f4a069db1
-
SHA1
370a1c790d3e3dfd7b4cc535e225eb53667689e5
-
SHA256
9404c1b483cfb08ebefacedc12657788826b8c36f59dc379efde17c1ce5eb59a
-
SHA512
0526904b6b91bf2e274931eb41755982fdc03277bf6d5e3ccf90a105a7eb3b503f6d9ab59e9491c16d8ec1358702eb78ea536368a46bfee71e2be8a2bd9556f4
-
SSDEEP
24576:OyfOWI5DowpDRdt7iBnfYFvBzmYiydvb1mf+HRN:doR77iBkvBzmZydT1mf+HR
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-