General

  • Target

    4a5234530705c3c8a9a30432099e9fa615d6bf146eb44b17f5225852293ed12f.bin

  • Size

    1.0MB

  • Sample

    230506-1lwwjabb5v

  • MD5

    5219bf1acd2b63dac8d181066d540c1d

  • SHA1

    13a0461c159cfb7455dcd0f9b41ab2d427b07f94

  • SHA256

    4a5234530705c3c8a9a30432099e9fa615d6bf146eb44b17f5225852293ed12f

  • SHA512

    4435ed7d9554e139f0f1bd236c60d3b8d2071a53b2b28e12858630295a13bbcf27afcffe64c8d30054b49f8c6a1cb73574732d88454b578aaef8c3614ade9f44

  • SSDEEP

    24576:cybqeQ8JEh+GiN22iX5Ud01WWGgS126NPscEIl43maAM:LbpJoiMzX5UqABgS12OqiaA

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks