General
- Target: ab4318e035f505b79444ddd773187d5a6d43945a3b6574d430a1fac52f77811a.bin
- Size: 691KB
- Sample: 230505-xkwbtsfc93
- MD5: 4b8acf4143659221a3105fc5ab8a45d8
- SHA1: 3a55380133935cce894031be9e08c049569b93ac
- SHA256: ab4318e035f505b79444ddd773187d5a6d43945a3b6574d430a1fac52f77811a
- SHA512: a629b3cab223fda9d9b3b416099d16b12ffc6bb0a332ade88802bc0e6c5cfd1fd0dd6f15358f0acaa4a60d740276277216f35f8f97e33590ab45a87a9bfda4d4
- SSDEEP: 12288:Vy90ulITPPwDUozUrBEF8WrSAfGe2c7SDSANBNeIqc:VysD9KfJV2wAN/xp
Static task: static1
Behavioral task: behavioral1
- Sample: ab4318e035f505b79444ddd773187d5a6d43945a3b6574d430a1fac52f77811a.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: ab4318e035f505b79444ddd773187d5a6d43945a3b6574d430a1fac52f77811a.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Target: ab4318e035f505b79444ddd773187d5a6d43945a3b6574d430a1fac52f77811a.bin, 691KB (hashes identical to those listed under General above)
- Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext