General
-
Target
d991ff0e241819debead0d0338b4a0b8c6c2bb1e1965b9dd5614f63fb85b4136.bin
-
Size
643KB
-
Sample
230505-ym9snsdb5z
-
MD5
73ce33e61ea8295734779bec16f75cae
-
SHA1
2fe03f194c3bffc019348d50575e6f62aa27a6f9
-
SHA256
d991ff0e241819debead0d0338b4a0b8c6c2bb1e1965b9dd5614f63fb85b4136
-
SHA512
852b57cd57ed33686d9255e8bbf7390ed01f7ecca312f3bbef411f5ced9373e32d535824c4d0bce27443607d59ecc7e2e6dcb571042d6b061e39c2a19e4e261b
-
SSDEEP
12288:Dy901HUDWz07adqrkstf199NeEvcY3niIVdUN/ZSjbMBhB7M/kna:Dyc7zyajm1XNeEkY3TdUBkbfMna
Static task
static1
Behavioral task
behavioral1
Sample
d991ff0e241819debead0d0338b4a0b8c6c2bb1e1965b9dd5614f63fb85b4136.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d991ff0e241819debead0d0338b4a0b8c6c2bb1e1965b9dd5614f63fb85b4136.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
d991ff0e241819debead0d0338b4a0b8c6c2bb1e1965b9dd5614f63fb85b4136.bin
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-