General
-
Target
f88707f4eb4cd5cbe3601891afa8d7b4720d05e68b9657a418bd2a65e514972d.bin
-
Size
618KB
-
Sample
230505-zb7dvadd49
-
MD5
f90b61e794beda203213421d79172ccd
-
SHA1
24c4050f341a6de75c07cd39e86c68e47d1e8b77
-
SHA256
f88707f4eb4cd5cbe3601891afa8d7b4720d05e68b9657a418bd2a65e514972d
-
SHA512
9ae89b9cfdccee65ea0c27ecd1a72464dbd20129a2e5e7acd595b440fead608bcea73e03cbe4699737b77287910602b3f4b9c118b55bb54f7731c78022a1784d
-
SSDEEP
12288:cy90l8fOmzPMxZVYj0oKgovNHsS199wkcsOAhsVHTH2FR2J38PuLn:cyaJXceggNHsSIsPhsVHTH27GLn
Malware Config
Targets
-
-
Target
f88707f4eb4cd5cbe3601891afa8d7b4720d05e68b9657a418bd2a65e514972d.bin
-
Size
618KB
-
MD5
f90b61e794beda203213421d79172ccd
-
SHA1
24c4050f341a6de75c07cd39e86c68e47d1e8b77
-
SHA256
f88707f4eb4cd5cbe3601891afa8d7b4720d05e68b9657a418bd2a65e514972d
-
SHA512
9ae89b9cfdccee65ea0c27ecd1a72464dbd20129a2e5e7acd595b440fead608bcea73e03cbe4699737b77287910602b3f4b9c118b55bb54f7731c78022a1784d
-
SSDEEP
12288:cy90l8fOmzPMxZVYj0oKgovNHsS199wkcsOAhsVHTH2FR2J38PuLn:cyaJXceggNHsSIsPhsVHTH27GLn
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-