General
-
Target
b8aed0301a5f0d70ceb0164e98c6404c45faf6c1c023387b865dc214c69dc51a.bin
-
Size
691KB
-
Sample
230505-xwfqhsae51
-
MD5
5cecfaaf85004695eb7cc1349314558e
-
SHA1
4347b8c24094181e490f720d479e64ad9c4bd08e
-
SHA256
b8aed0301a5f0d70ceb0164e98c6404c45faf6c1c023387b865dc214c69dc51a
-
SHA512
bec88705a7336e63c30473b92c919a160dd22a06c82f7f539ed736c7059c504d5a7d5f5bdf3dd631b9ad8a5741e6cbe088952f5a740b006d562b5f1b651cd8a4
-
SSDEEP
12288:gy90kQdpc1eZHO7HVSepEQG1UrfCnDSe2c7CTSANBelJ2P9gij:gytYc8Zu7HVyx9B2YAN9J
Malware Config
Targets
-
-
Target
b8aed0301a5f0d70ceb0164e98c6404c45faf6c1c023387b865dc214c69dc51a.bin
-
Size
691KB
-
MD5
5cecfaaf85004695eb7cc1349314558e
-
SHA1
4347b8c24094181e490f720d479e64ad9c4bd08e
-
SHA256
b8aed0301a5f0d70ceb0164e98c6404c45faf6c1c023387b865dc214c69dc51a
-
SHA512
bec88705a7336e63c30473b92c919a160dd22a06c82f7f539ed736c7059c504d5a7d5f5bdf3dd631b9ad8a5741e6cbe088952f5a740b006d562b5f1b651cd8a4
-
SSDEEP
12288:gy90kQdpc1eZHO7HVSepEQG1UrfCnDSe2c7CTSANBelJ2P9gij:gytYc8Zu7HVyx9B2YAN9J
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-