General
-
Target
FCC6630A3781BC584F63448D62E3AEAB8C1B7287115CD.exe
-
Size
2.4MB
-
Sample
230505-zelasadf68
-
MD5
b39a7bc324162d5bbe0ebb53c5f72a74
-
SHA1
1c3cb0cba6b2aca973aed18953bf394c96aadddd
-
SHA256
fcc6630a3781bc584f63448d62e3aeab8c1b7287115cddf06edb4a88a4a7c060
-
SHA512
72a8de9c826aff66f11ca849652d291a5cccf317830d8b6dc063c446a6982e2efc416a933a6a071448d26102aa1d2e5f4bad264c46abdb57d00e132ab87aaef9
-
SSDEEP
24576:W3Sui5m+5yX+RNFlnRgyuMnb9310oUUS/qnwpJDQgbf2Ma9yzncNsJPsHah+uAAw:cQNFRLgXD2NkznzAviKVCvbRN/sp
Static task
static1
Behavioral task
behavioral1
Sample
FCC6630A3781BC584F63448D62E3AEAB8C1B7287115CD.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
new1
hfiepqnsyosb.top:81
fhgerbugjreqnhfegrb.top:81
-
auth_value
3a3079db884153e24cc7bde3453aec7a
Targets
-
-
Target
FCC6630A3781BC584F63448D62E3AEAB8C1B7287115CD.exe
-
Size
2.4MB
-
MD5
b39a7bc324162d5bbe0ebb53c5f72a74
-
SHA1
1c3cb0cba6b2aca973aed18953bf394c96aadddd
-
SHA256
fcc6630a3781bc584f63448d62e3aeab8c1b7287115cddf06edb4a88a4a7c060
-
SHA512
72a8de9c826aff66f11ca849652d291a5cccf317830d8b6dc063c446a6982e2efc416a933a6a071448d26102aa1d2e5f4bad264c46abdb57d00e132ab87aaef9
-
SSDEEP
24576:W3Sui5m+5yX+RNFlnRgyuMnb9310oUUS/qnwpJDQgbf2Ma9yzncNsJPsHah+uAAw:cQNFRLgXD2NkznzAviKVCvbRN/sp
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-