General
-
Target
3db34dcd4ac0fb6c0d258f26bfe5a85e5dc17aa8bf967cf7c13b7f38055897bf.bin
-
Size
913KB
-
Sample
230506-1bn3yagb59
-
MD5
6f18fa40e8da6357abd6a2428d782cad
-
SHA1
d4f3db9e472e9d7a350629740851be3309da2b6d
-
SHA256
3db34dcd4ac0fb6c0d258f26bfe5a85e5dc17aa8bf967cf7c13b7f38055897bf
-
SHA512
92c2ad694fa6b3ccbd2653bafde778392a7ceee0b01d8b87b397fc6e161524af56c13dc2951708faa9ea144d5d46dd60709aa5d0ba811654b9410b77e3769496
-
SSDEEP
24576:yySrVoIruGgtMl/lJupWEXoXVY3IRauIoOCdpxRW:ZaVosuntk/lNguKIRnI5q
Malware Config
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
Targets
-
-
Target
3db34dcd4ac0fb6c0d258f26bfe5a85e5dc17aa8bf967cf7c13b7f38055897bf.bin
-
Size
913KB
-
MD5
6f18fa40e8da6357abd6a2428d782cad
-
SHA1
d4f3db9e472e9d7a350629740851be3309da2b6d
-
SHA256
3db34dcd4ac0fb6c0d258f26bfe5a85e5dc17aa8bf967cf7c13b7f38055897bf
-
SHA512
92c2ad694fa6b3ccbd2653bafde778392a7ceee0b01d8b87b397fc6e161524af56c13dc2951708faa9ea144d5d46dd60709aa5d0ba811654b9410b77e3769496
-
SSDEEP
24576:yySrVoIruGgtMl/lJupWEXoXVY3IRauIoOCdpxRW:ZaVosuntk/lNguKIRnI5q
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-