General

  • Target

    442364dd4c2586478d1ab21ebd89f73273389ab795dd6a82078c71e3f904777f.bin

  • Size

    697KB

  • Sample

    230506-1gagqsgf72

  • MD5

    53411b5e6c17d5bf08f8c8fbe519e7a2

  • SHA1

    19d6169aa2859ea566d5ab200d1c92654072f89f

  • SHA256

    442364dd4c2586478d1ab21ebd89f73273389ab795dd6a82078c71e3f904777f

  • SHA512

    a6a9389c03933214a2c63054e02f4ad49cb77af73904744b6f280ae702b32f9f9e2bbee27329d2b770ffd7056881085ffe762ed28493b9a276ec60140b9ab657

  • SSDEEP

    12288:Uy90+HQtK/n1bqDGOLd9N2z2d2Qf2QsZRhugHP0iDge77rqWU:UyzQAbyGOLHNzd2Qf2Hjr8Le77rjU

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
