General
Target: db74d6349395de3cbecd04292b7a9e136d1158981a8e472b13c9154612eac825.bin
Size: 564KB
Sample: 230505-yp72vsbb54
MD5: 722c2de706adc6d989dbe09982c3f62a
SHA1: 92400654831d2d9ade105faa4585d72679b04edd
SHA256: db74d6349395de3cbecd04292b7a9e136d1158981a8e472b13c9154612eac825
SHA512: c3566f838a147b6077f2eeab97844bce98a28a79f21dfe4c1bfd740b044315ca11dc293e2b8cf47f8b5bba8fbef74dd15abf75ce9e60d1b5ea0d33ec9fc00ab6
SSDEEP: 12288:Ry9042hevNAz5WwuAX8cpyDXbccrzjIlBzr01qJnMLG84yFmV:RyQwvOzuAXBMDLcSepI1qNQzsV
Static task: static1
Behavioral task: behavioral1
Sample: db74d6349395de3cbecd04292b7a9e136d1158981a8e472b13c9154612eac825.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: db74d6349395de3cbecd04292b7a9e136d1158981a8e472b13c9154612eac825.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: db74d6349395de3cbecd04292b7a9e136d1158981a8e472b13c9154612eac825.bin
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application