General

  • Target

    409bec3a7ade14b4afde539d6bbbe36d9c3aaff2796da953cc96ff37f7e8f57c.bin

  • Size

    690KB

  • Sample

    230506-1dxsvsgd55

  • MD5

    bedec3f68e81c94687011bd42826fa30

  • SHA1

    d9330ea0651fe8dc507bf875731226e23e20aecd

  • SHA256

    409bec3a7ade14b4afde539d6bbbe36d9c3aaff2796da953cc96ff37f7e8f57c

  • SHA512

    40c632f546d9d6170cbecbbed902edd499a4629802a6f8bece11c0cdad2abf82882ea57c1a11e9553fbde7d791ab3ae98fb613c410ebaf9cc04425dd28968c63

  • SSDEEP

    12288:Py90w95D1XSpkeYUA4LHfMI7Bwh74ZQIJoM00yK12VB9Kl2CiEMjiJEV:Pyx5pckeYUA4LfnKhLPMTyS2+diZ+K

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks