General
- Target: 48502d871b14a575a961ec417407b2e55aadb2f5b0af0d214be7e57f3ada0609.bin
- Size: 1.2MB
- Sample: 230506-1kaa5sha58
- MD5: 6f649e371948c8f13ebd2ed3b7cdae04
- SHA1: 9eb9b925a948064f9f04483e9a0db7d1282a2d6b
- SHA256: 48502d871b14a575a961ec417407b2e55aadb2f5b0af0d214be7e57f3ada0609
- SHA512: 2b1581ac09bd31ae1cda266ed41dd945f21f8c8c33865a633f02a97b7806cc10517ef8cfabafdec5d8ed938ca5c78df5a4b5ba68942406a97b9dd6ccb2016ea7
- SSDEEP: 24576:UyTeP6Ep8pKRxvVw++h4Jpj0IMX4A7Xl5QFOLBNqNLPr6WjkkUWsN:jTZEupKJ+iohXnzQFOLTqNLPr6WgkUWs
Static task
- static1
Behavioral task
- behavioral1: 48502d871b14a575a961ec417407b2e55aadb2f5b0af0d214be7e57f3ada0609.exe (resource: win7-20230220-en)
Behavioral task
- behavioral2: 48502d871b14a575a961ec417407b2e55aadb2f5b0af0d214be7e57f3ada0609.exe (resource: win10v2004-20230220-en)
Malware Config
Extracted
- Family: redline
- Botnet: gena
- C2: 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Extracted
- Family: redline
- Botnet: life
- C2: 185.161.248.73:4164
- auth_value: 8685d11953530b68ad5ec703809d9f91
Targets
- Target: 48502d871b14a575a961ec417407b2e55aadb2f5b0af0d214be7e57f3ada0609.bin
- Score: 10/10
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application