General
Target: 65d26f6cd54b18510409856afc1b2871b0a240f3befc7799f18a7b9fbe183920.bin
Size: 1.1MB
Sample: 230506-17hwssbf93
MD5: cb146e25f33bb1cb6b1b003c56bd5248
SHA1: fd3752c676723d33866740508b0a21f2153a5ce7
SHA256: 65d26f6cd54b18510409856afc1b2871b0a240f3befc7799f18a7b9fbe183920
SHA512: d1a9471c9e45abaa4132e59cb6fbc4161a6965d2460180be7d8994e6e63a59a8edd2c2c3d661a4b48dc4d63fa18c1ce94f2d4c1f7d22f49498eefb1d1a6a3749
SSDEEP: 24576:3yYYqdCmA4gPFfpt8GlEN1uarH3Q3tMGjXVNrpwWzz:CYngNfptrKu+Hg3tpbr7
Static task: static1
Behavioral task: behavioral1
Sample: 65d26f6cd54b18510409856afc1b2871b0a240f3befc7799f18a7b9fbe183920.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 65d26f6cd54b18510409856afc1b2871b0a240f3befc7799f18a7b9fbe183920.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 65d26f6cd54b18510409856afc1b2871b0a240f3befc7799f18a7b9fbe183920.bin
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-