General
Target: b22057b6b4da4b2d154a15f922fe86582adb303f4527a484620e9d04a03d3592.bin
Size: 1.5MB
Sample: 230505-xrd15aaa7s
MD5: 29924fcc159f1aa50136b480a73c8f0c
SHA1: 34bf0e1faa3b46587b4bfba89a2053b977eb60f9
SHA256: b22057b6b4da4b2d154a15f922fe86582adb303f4527a484620e9d04a03d3592
SHA512: 91eae78413c49e50e4c452f61d946367ff4ab5c7f1c176ba14d416e08d0ee6c5eb86af4d60e9d94cc4272bd52b274f18896bd7904ee04ef5b949760d147ab6bc
SSDEEP: 24576:Dy0i1N56bWVnq4Ki2OAtDJqn/qwv21XPQkqrUF8vM5LdZ+BlFq+j7:WXVn/A5ttqn/NwqiT+BV
Static task: static1
Behavioral task: behavioral1
  Sample: b22057b6b4da4b2d154a15f922fe86582adb303f4527a484620e9d04a03d3592.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: b22057b6b4da4b2d154a15f922fe86582adb303f4527a484620e9d04a03d3592.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: amadey
  3.70
  212.113.119.255/joomla/index.php
Extracted: redline
  gena
  185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
  life
  185.161.248.73:4164
  auth_value: 8685d11953530b68ad5ec703809d9f91
Targets
Target: b22057b6b4da4b2d154a15f922fe86582adb303f4527a484620e9d04a03d3592.bin
Size: 1.5MB
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application