General
-
Target
af5e5f477ee15fa888ed9f658388b0b3694ebd76ba19833a626ed1fe577c4c50.bin
-
Size
1.2MB
-
Sample
230505-xnxdasff67
-
MD5
4823fa320b475f84dc43a634b2cfc648
-
SHA1
96e04bfbc2064fff8c3a38511943af572389d9bd
-
SHA256
af5e5f477ee15fa888ed9f658388b0b3694ebd76ba19833a626ed1fe577c4c50
-
SHA512
320d5737545c7a3196d42e7d383f1930dd8d2953d2bca3cf6bbcc5fe15c7d6de8f8375a80a058e024d3e5ffb5224ebb3c9982460ac4adfb5a1bee54de19b352f
-
SSDEEP
24576:rGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:rGMOKSUDNGQp9qKqFR4JUcDLqNp/b
Malware Config
Targets
-
-
Target
af5e5f477ee15fa888ed9f658388b0b3694ebd76ba19833a626ed1fe577c4c50.bin
-
Size
1.2MB
-
MD5
4823fa320b475f84dc43a634b2cfc648
-
SHA1
96e04bfbc2064fff8c3a38511943af572389d9bd
-
SHA256
af5e5f477ee15fa888ed9f658388b0b3694ebd76ba19833a626ed1fe577c4c50
-
SHA512
320d5737545c7a3196d42e7d383f1930dd8d2953d2bca3cf6bbcc5fe15c7d6de8f8375a80a058e024d3e5ffb5224ebb3c9982460ac4adfb5a1bee54de19b352f
-
SSDEEP
24576:rGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:rGMOKSUDNGQp9qKqFR4JUcDLqNp/b
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-