General
-
Target
63178be5a12568c448d9a87fb4ae69b95be816010834ddf88e8e22733e1a6008.bin
-
Size
1.1MB
-
Sample
230506-15plkabd76
-
MD5
dc5420b498a1fe1a6eb1ff21fcd515fa
-
SHA1
c745967d488283d0bb54256e8a57b0548f2f5e65
-
SHA256
63178be5a12568c448d9a87fb4ae69b95be816010834ddf88e8e22733e1a6008
-
SHA512
98401163ed9ba680635b98846e48b7d32d7368d7d2426e3bbd9da278e00f0aa49c4df6ee1c0dcd515972c07cfa43021229d722e83a6ff768461463908809f93d
-
SSDEEP
24576:NyGnULr3ZUsYqEEQL2DERRUySnPfI/+oRCzzPW2RHBxZe6FkH8bsXNOMY:oGU1UsPQ9bUjHI2hza2RHjkcg9OM
Malware Config
Targets
-
-
Target
63178be5a12568c448d9a87fb4ae69b95be816010834ddf88e8e22733e1a6008.bin
-
Size
1.1MB
-
MD5
dc5420b498a1fe1a6eb1ff21fcd515fa
-
SHA1
c745967d488283d0bb54256e8a57b0548f2f5e65
-
SHA256
63178be5a12568c448d9a87fb4ae69b95be816010834ddf88e8e22733e1a6008
-
SHA512
98401163ed9ba680635b98846e48b7d32d7368d7d2426e3bbd9da278e00f0aa49c4df6ee1c0dcd515972c07cfa43021229d722e83a6ff768461463908809f93d
-
SSDEEP
24576:NyGnULr3ZUsYqEEQL2DERRUySnPfI/+oRCzzPW2RHBxZe6FkH8bsXNOMY:oGU1UsPQ9bUjHI2hza2RHjkcg9OM
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-