General

Target: 4b0f88298337161370d5bf85f56bc490d607df2cb188ee1ffd6dccafc56641fe
Size: 923KB
Sample: 230506-1mgg8sbb9t
MD5: d8eb9014f0c809a4bfc159ec67e25339
SHA1: 661c29cae41c0af5253c85bc56079c30ccca0cc0
SHA256: 4b0f88298337161370d5bf85f56bc490d607df2cb188ee1ffd6dccafc56641fe
SHA512: f2f24a88c6db5581bc959332f24cb1383b6099f9c6b3e50e245d4d7100d427db3718eca1c29a5b2cc8d9ab12704d5b862b54c8c02cb71052a1902f1b5c5f0129
SSDEEP: 24576:FyrrZDqMJgBJkqNrULRhKQPUIfmLJxLYoFzV:gnZDqE4PJShHP9mEox
Static task: static1

Behavioral task: behavioral1
  Sample: 4b0f88298337161370d5bf85f56bc490d607df2cb188ee1ffd6dccafc56641fe.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 4b0f88298337161370d5bf85f56bc490d607df2cb188ee1ffd6dccafc56641fe.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted
  Family: redline
  Botnet: lupa
  C2: 217.196.96.56:4138
  auth_value: fcb02fce9bc10c56a9841d56974bd7b8
Targets

Target: 4b0f88298337161370d5bf85f56bc490d607df2cb188ee1ffd6dccafc56641fe
- Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
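The report above gives three things a responder can act on: the sample's hashes, the RedLine C2 endpoint (217.196.96.56:4138) from the extracted config, and the behavioural signature that the sample adds a Run key. The script below is an added example, not part of the sandbox output or of any RedLine tooling. It hashes a file against the report's values and runs two simple detections over telemetry. The log lines are constructed for the demo in a made-up `|`-separated key=value layout modelled on Sysmon event IDs 3 (network connection) and 13 (registry value set); real Sysmon output is XML and would need a different parser.

```python
"""Hunting helper built from the indicators in this report: sample hashes,
the RedLine C2 endpoint and the Run-key persistence signature.
Added example; not part of the sandbox output. The log format is a
constructed Sysmon-like key=value layout, not real Sysmon output."""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "d8eb9014f0c809a4bfc159ec67e25339",
    "sha1": "661c29cae41c0af5253c85bc56079c30ccca0cc0",
    "sha256": "4b0f88298337161370d5bf85f56bc490d607df2cb188ee1ffd6dccafc56641fe",
}
C2_HOST, C2_PORT = "217.196.96.56", "4138"
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)


def hash_file(path):
    """MD5/SHA1/SHA256 of a file, streamed so a large dropper is not read into memory at once."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report_sample(path):
    """True only if every hash agrees; a partial match means a different file."""
    got = hash_file(path)
    return all(got[name] == value for name, value in IOC_HASHES.items())


def parse_event(line):
    """Constructed format: '|'-separated key=value fields (an assumption, not Sysmon's XML)."""
    return dict(field.split("=", 1) for field in line.strip().split("|") if "=" in field)


def hunt(log_text):
    """Return (finding, image) pairs for C2 traffic and suspicious Run-key writes."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        image = ev.get("Image", "")
        if (ev.get("EventID") == "3" and ev.get("DestinationIp") == C2_HOST
                and ev.get("DestinationPort") == C2_PORT):
            hits.append(("c2_connection", image))
        elif ev.get("EventID") == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # Run-key writes are common and often legitimate; only flag those where the
            # writing process or the registered binary lives in a user-writable location.
            if USER_WRITABLE_RE.search(image) or USER_WRITABLE_RE.search(ev.get("Details", "")):
                hits.append(("run_key_persistence", image))
    return hits


# Constructed telemetry for the demo: two lines mimic the behaviour in the report,
# two are benign noise that the logic must not flag.
SAMPLE_LOG = r"""
EventID=3|Image=C:\Users\victim\AppData\Local\Temp\update.exe|DestinationIp=217.196.96.56|DestinationPort=4138
EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=93.184.216.34|DestinationPort=443
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\update.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\victim\AppData\Roaming\Updater\update.exe
EventID=13|Image=C:\Program Files\Vendor\setup.exe|TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent|Details=C:\Program Files\Vendor\agent.exe
"""

if __name__ == "__main__":
    for finding, image in hunt(SAMPLE_LOG):
        print(f"{finding}: {image}")
```

Hash matching catches only this exact file; RedLine builds are repacked often, so the C2 address and the Run-key behaviour are the more durable pivots. The user-writable filter on the Run-key check is a deliberate trade-off: it suppresses installer noise under Program Files at the cost of missing a sample that gained administrative rights and registered itself from a system directory.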