General
-
Target
b15a1b4bcaabe51127c5e900637ac9ec03d29cc1437983a6e055d3fe9dee3332.bin
-
Size
611KB
-
Sample
230505-xqwvjsaa2y
-
MD5
fa12ef8c21caa46e53679d6bb4a1d48b
-
SHA1
45f97039a0de9b281efbb8317b9df238eaf58bd8
-
SHA256
b15a1b4bcaabe51127c5e900637ac9ec03d29cc1437983a6e055d3fe9dee3332
-
SHA512
84563bef7245f4f63d25b117ebc2137e62fd4243217ea26211e6ed969444b59823a67958f4c98db71d078942ee623410e821b8556a5d5e2cc0436d44ccf353de
-
SSDEEP
12288:uy90dBjH3B4HFurWKsbMOcwUvXfSMNh3usxKkRW:uyeBjXKdfMyUvXfkkRW
Static task
static1
Behavioral task
behavioral1
Sample
b15a1b4bcaabe51127c5e900637ac9ec03d29cc1437983a6e055d3fe9dee3332.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b15a1b4bcaabe51127c5e900637ac9ec03d29cc1437983a6e055d3fe9dee3332.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
b15a1b4bcaabe51127c5e900637ac9ec03d29cc1437983a6e055d3fe9dee3332.bin
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-