General
Target: 49a1d3a00139f48a8bc095134281b23658871b270c028073bafb8841cb4b111f
Size: 1.5MB
Sample: 230506-1lc4esba9z
MD5: 4d07c08fcf70ce1d3fd15611c172a1c1
SHA1: 9c9f9fa7de7c5cf2c0fefa53aaff1b49a798e619
SHA256: 49a1d3a00139f48a8bc095134281b23658871b270c028073bafb8841cb4b111f
SHA512: d0eb488dc71cdccc55398c774c4efb290a65a83691fe839602e81186701089914e24cd82d6979b9a0323e60ab789acabc0491c97c4c783209b733da516020af0
SSDEEP: 24576:RyuwrCtnOmirhtdIGKlYTJFZJEC3QudujLrYJudlv7qil3o4bvk+hVPku4ZW:E1C3MAWjjJQuCrYoTvnlfvkGcx
Static task: static1

Behavioral task: behavioral1
  Sample: 49a1d3a00139f48a8bc095134281b23658871b270c028073bafb8841cb4b111f.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 49a1d3a00139f48a8bc095134281b23658871b270c028073bafb8841cb4b111f.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: max
C2: 185.161.248.73:4164
auth_value: efb1499709a5d08ed1ddf71cff71211f
Targets
Target: 49a1d3a00139f48a8bc095134281b23658871b270c028073bafb8841cb4b111f
Signatures
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application