General
- Target: d154b465ff49e669d7c342fc96e7171ace0e8e60474396c2a95d9b7c0e2796cd
- Size: 600KB
- Sample: 230505-yhcblsad37
- MD5: a131d912aa23dbca0550b79c14fc4c02
- SHA1: 13ac473d01488beb961a08dee11234f6d32789f1
- SHA256: d154b465ff49e669d7c342fc96e7171ace0e8e60474396c2a95d9b7c0e2796cd
- SHA512: a3559eee7b1d4872432efbd99c04f604262ed18c66bb770435d49f89acde82156dc40886839e219d72753552825d265cac5a5d176893184de76d0d7702b8518e
- SSDEEP: 12288:xMrDy90bKKbISpcfLNYWu1LzhzZ3G3i7eD:CyebISpcjMLzh8SSD
Static task
- static1

Behavioral task
- behavioral1
  - Sample: d154b465ff49e669d7c342fc96e7171ace0e8e60474396c2a95d9b7c0e2796cd.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: d154b465ff49e669d7c342fc96e7171ace0e8e60474396c2a95d9b7c0e2796cd.exe
  - Resource: win10v2004-20230220-en
Malware Config

Targets
- Target: d154b465ff49e669d7c342fc96e7171ace0e8e60474396c2a95d9b7c0e2796cd
- Size: 600KB
- MD5: a131d912aa23dbca0550b79c14fc4c02
- SHA1: 13ac473d01488beb961a08dee11234f6d32789f1
- SHA256: d154b465ff49e669d7c342fc96e7171ace0e8e60474396c2a95d9b7c0e2796cd
- SHA512: a3559eee7b1d4872432efbd99c04f604262ed18c66bb770435d49f89acde82156dc40886839e219d72753552825d265cac5a5d176893184de76d0d7702b8518e
- SSDEEP: 12288:xMrDy90bKKbISpcfLNYWu1LzhzZ3G3i7eD:CyebISpcjMLzh8SSD

- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext