General

Target: ada02973f7f8cad69858459393fd636b975e3080c6c05e53f65470e711f036f2.bin
Size: 1.5MB
Sample: 230505-xmkccafe53
MD5: d578f18acda1d5067a3fb483963ae885
SHA1: 806d1fa3d7185231081331313706a35311ad4a58
SHA256: ada02973f7f8cad69858459393fd636b975e3080c6c05e53f65470e711f036f2
SHA512: e2c601b1cf1e97b56ce46b98ea3bdd518e59f6f2d749acfa668d7eaf6dc5a712db0d3e079cfea7f08f7521877621f0734271eea0c2bb2b98631912c4f04e9bb6
SSDEEP: 24576:RyFenhxKixQorSfQtDbf1TXwr7ERlOV0jJy7jIOSeNoxlB4w:EPixZSItHtXo6c0mS
Static task: static1

Behavioral task: behavioral1
  Sample: ada02973f7f8cad69858459393fd636b975e3080c6c05e53f65470e711f036f2.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: ada02973f7f8cad69858459393fd636b975e3080c6c05e53f65470e711f036f2.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: amadey
  Version: 3.70
  C2: 212.113.119.255/joomla/index.php

Extracted: redline
  Botnet: life
  C2: 185.161.248.73:4164
  auth_value: 8685d11953530b68ad5ec703809d9f91

Extracted: redline
  Botnet: gena
  C2: 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Targets
Target: ada02973f7f8cad69858459393fd636b975e3080c6c05e53f65470e711f036f2.bin
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application