General
-
Target
e320703110bd60543200fb196309fa7611a6edbbd5c6483236498c04057306eb.bin
-
Size
1.5MB
-
Sample
230505-yxdg8abg54
-
MD5
924a443b45f37857dac34f1056951816
-
SHA1
f55da1aaa0b4e6ea8e60a1fcf6393bbbf019c2eb
-
SHA256
e320703110bd60543200fb196309fa7611a6edbbd5c6483236498c04057306eb
-
SHA512
45e9b3d3e263e90358e980520dcbb201e30ab2bff221ff89416d831ce001f847922ce5535e72c8dd0a73d393102a7e8a37c2026c3182fa235855814ed4ddef33
-
SSDEEP
24576:qytVTzzv/HVeEwJWmiWS180apXmZLUOhiSE/fAypdB3kFE+iQq/SGFeVuxI:xrvzvmbFp2ZLUyan1pdFZQq/SGFeVu
Malware Config
Extracted
redline
most
185.161.248.73:4164
-
auth_value
7da4dfa153f2919e617aa016f7c36008
Targets
-
-
Target
e320703110bd60543200fb196309fa7611a6edbbd5c6483236498c04057306eb.bin
-
Size
1.5MB
-
MD5
924a443b45f37857dac34f1056951816
-
SHA1
f55da1aaa0b4e6ea8e60a1fcf6393bbbf019c2eb
-
SHA256
e320703110bd60543200fb196309fa7611a6edbbd5c6483236498c04057306eb
-
SHA512
45e9b3d3e263e90358e980520dcbb201e30ab2bff221ff89416d831ce001f847922ce5535e72c8dd0a73d393102a7e8a37c2026c3182fa235855814ed4ddef33
-
SSDEEP
24576:qytVTzzv/HVeEwJWmiWS180apXmZLUOhiSE/fAypdB3kFE+iQq/SGFeVuxI:xrvzvmbFp2ZLUyan1pdFZQq/SGFeVu
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-