General
-
Target
b12e1fd306e6108a7b9a8b23c6d88361442c312f0f0bf52394b3345ff5d6e9b3.bin
-
Size
611KB
-
Sample
230505-xqr7cshh9z
-
MD5
17348047570db9d45f6e78ff2208bd29
-
SHA1
594513626cdea4dd8d9625f5795e81616a4585a8
-
SHA256
b12e1fd306e6108a7b9a8b23c6d88361442c312f0f0bf52394b3345ff5d6e9b3
-
SHA512
7a56b519ab731301b4e37deaa350e659f909be5e0d3c2b2942853d8b183268c092f3f75b28d0666cdd471715fe75cc0935d655e4c86b81aff5492d504b15ae13
-
SSDEEP
12288:7y90m6wM2JtvieRTboA2zvz0isqgSbNIiknEbcb:7yAlOoAab0iZbKijbcb
Malware Config
Targets
-
-
Target
b12e1fd306e6108a7b9a8b23c6d88361442c312f0f0bf52394b3345ff5d6e9b3.bin
-
Size
611KB
-
MD5
17348047570db9d45f6e78ff2208bd29
-
SHA1
594513626cdea4dd8d9625f5795e81616a4585a8
-
SHA256
b12e1fd306e6108a7b9a8b23c6d88361442c312f0f0bf52394b3345ff5d6e9b3
-
SHA512
7a56b519ab731301b4e37deaa350e659f909be5e0d3c2b2942853d8b183268c092f3f75b28d0666cdd471715fe75cc0935d655e4c86b81aff5492d504b15ae13
-
SSDEEP
12288:7y90m6wM2JtvieRTboA2zvz0isqgSbNIiknEbcb:7yAlOoAab0iZbKijbcb
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-