General
Target: 6a0d447056e3d1bdbbf631046b5be701d55ee716e67ecb5eededc71e5fe8b82f
Size: 479KB
Sample: 230506-198v1adh2v
MD5: fe94615b3722f2cbfdb15a9f45eb3bcc
SHA1: 403c5c83145f09117726ea2fc5aa8b21b8a21fea
SHA256: 6a0d447056e3d1bdbbf631046b5be701d55ee716e67ecb5eededc71e5fe8b82f
SHA512: d4f6c53df168b8f2f60bc4093fac376ceba766324c5bd94b1d3a482a9c9ddace72b07701c4df5d4798eee3f3c1b7e2efcb26ab3f7475c9e3a1da41a4a1f2c97f
SSDEEP: 6144:KBy+bnr+9p0yN90QEXb2A6ybyXDE+Och5GSySOupA7bBP9ZWWCZoWbFb5cT3:rMrhy90czE+z5/ySOupAB30hbk
Static task: static1
Behavioral task: behavioral1
Sample: 6a0d447056e3d1bdbbf631046b5be701d55ee716e67ecb5eededc71e5fe8b82f.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 6a0d447056e3d1bdbbf631046b5be701d55ee716e67ecb5eededc71e5fe8b82f.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-