General
Target: 532200885ba494518ae845bf21fdd08495e40350ae7425cc366d9fb4bcb27df5.bin
Size: 775KB
Sample: 230506-1tqpgsbh5z
MD5: e0a0df607e1013aea0028806391597be
SHA1: c37d66eb8eef33e9130864cf82dcba08f2656bb6
SHA256: 532200885ba494518ae845bf21fdd08495e40350ae7425cc366d9fb4bcb27df5
SHA512: f9f034c4f9de4db219d5fe98032b4297ea30b58fdcc51510466e19ecb911adddf458d0659b11ab9e785cd6faa2b30e2af4658bc9d1f69884a8367ff8d57186c5
SSDEEP: 12288:Iy90enFX4LMNTX9JcLCb2WBpWO67ycq1BVj9TFXEbwvC2xwh+E4s:Iynx4GX9ACBSFq1BVhTF0bwvC2fbs
Static task: static1
Behavioral task: behavioral1
  Sample: 532200885ba494518ae845bf21fdd08495e40350ae7425cc366d9fb4bcb27df5.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 532200885ba494518ae845bf21fdd08495e40350ae7425cc366d9fb4bcb27df5.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  Botnet ID: gena
  C2: 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
  Botnet ID: dark
  C2: 185.161.248.73:4164
  auth_value: ae85b01f66afe8770afeed560513fc2d
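Both extracted configurations point at the same C2 endpoint under different botnet IDs and auth values, so a hunt should key on the endpoint rather than on either tag. The following is an added example, not sandbox output or RedLine code: it models the two configs from the report above as IOCs, groups them by C2 endpoint, and runs them over constructed Zeek-style conn.log lines. The log lines, the class and function names, and the internal hosts in them are assumptions made for illustration; only the C2, botnet IDs and auth_values are taken from the report.

```python
"""Turn the two extracted RedLine configs into hunting IOCs and run them over
constructed Zeek-style conn.log lines. Added example; not sandbox output."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str      # botnet/campaign tag from the config
    c2: str          # "host:port" as extracted by the sandbox
    auth_value: str  # per-build authentication value from the config


# Values copied from the Malware Config section of the report.
CONFIGS = [
    RedLineConfig("gena", "185.161.248.73:4164", "d05bf43eef533e262271449829751d07"),
    RedLineConfig("dark", "185.161.248.73:4164", "ae85b01f66afe8770afeed560513fc2d"),
]


def c2_endpoints(configs):
    """Map each C2 (ip, port) to the set of botnet IDs that use it.
    Two configs sharing one endpoint usually means the dropper carries more
    than one RedLine build, so the endpoint is the stable indicator."""
    out = {}
    for c in configs:
        host, port = c.c2.rsplit(":", 1)
        out.setdefault((host, int(port)), set()).add(c.botnet)
    return out


# Constructed Zeek conn.log lines (tab separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto). Not real traffic.
SAMPLE_CONN_LOG = """\
1683358000.1\tCAbc1\t10.0.0.5\t49712\t185.161.248.73\t4164\ttcp
1683358001.2\tCAbc2\t10.0.0.5\t49713\t142.250.74.78\t443\ttcp
1683358002.3\tCAbc3\t10.0.0.9\t51020\t185.161.248.73\t80\ttcp
1683358003.4\tCAbc4\t10.0.0.7\t51021\t185.161.248.73\t4164\ttcp
"""


def find_c2_connections(conn_log, configs):
    """Return two lists: exact (src, botnets) hits for flows to an extracted
    ip:port, and weaker (src, dst, dport) 'same host' hits for flows to the C2
    IP on another port, since operators rotate ports more often than hosts."""
    endpoints = c2_endpoints(configs)
    hosts = {h for h, _ in endpoints}
    exact, same_host = [], []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        src, dst, dport = fields[2], fields[4], int(fields[5])
        if (dst, dport) in endpoints:
            exact.append((src, sorted(endpoints[(dst, dport)])))
        elif dst in hosts:
            same_host.append((src, dst, dport))
    return exact, same_host


if __name__ == "__main__":
    hits, weak = find_c2_connections(SAMPLE_CONN_LOG, CONFIGS)
    for src, botnets in hits:
        print(f"{src} -> RedLine C2 (botnets: {', '.join(botnets)})")
    for src, dst, dport in weak:
        print(f"{src} -> {dst}:{dport} (C2 host, non-config port)")
```

On the constructed log this reports two internal hosts talking to 185.161.248.73:4164 and a third reaching the same IP on port 80, which is worth a look but is not a config match on its own.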
Targets
Target: 532200885ba494518ae845bf21fdd08495e40350ae7425cc366d9fb4bcb27df5.bin (775KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures
- Detects Redline Stealer samples: this rule detects the presence of RedLine Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample deciding whether to run based on the victim's configured country).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry Run key persistence)
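The behavioural signatures above are stateful: "executes dropped EXE" and "loads dropped DLL" only make sense once the sample has been seen writing that file. The following is an added example, not the sandbox's own detection code: a small rule engine that re-implements the geofence lookup, dropped-file execution and Run key signatures over constructed Procmon-style events. The process IDs, temp paths and file names are invented for illustration; the registry keys checked (`HKCU\Control Panel\International\Geo\Nation` for the configured country, `...\CurrentVersion\Run` for persistence) are the standard locations these signatures refer to.

```python
"""Re-implement the report's behavioural signatures (geofence registry lookup,
dropped EXE/DLL use, Run key persistence) as a stateful rule engine over
constructed Procmon-style events. Added example; paths and PIDs are made up."""
import re

# Constructed events as (pid, operation, path). Operation names follow
# Procmon's naming. Not taken from the sandbox run.
EVENTS = [
    (1200, "RegQueryValue",  r"HKCU\Control Panel\International\Geo\Nation"),
    (1200, "WriteFile",      r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\a1.exe"),
    (1200, "WriteFile",      r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\helper.dll"),
    (1200, "Process Create", r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\a1.exe"),
    (1344, "Load Image",     r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\helper.dll"),
    (1344, "RegSetValue",    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\a1"),
    (1344, "Load Image",     r"C:\Windows\System32\kernel32.dll"),
    (1344, "Process Create", r"C:\Windows\System32\notepad.exe"),
]

# Registry location Windows uses for the configured country (GeoID).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Per-user or per-machine autostart keys (Run and RunOnce).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def run_signatures(events):
    """Return (signature, pid, path) hits in event order.

    Files the sample writes are remembered by lower-cased path, so that
    executing or loading one of them fires, while the same operations on
    pre-existing system files do not."""
    dropped = set()
    hits = []
    for pid, op, path in events:
        low = path.lower()
        if op == "RegQueryValue" and GEO_KEY.search(path):
            hits.append(("Checks computer location settings", pid, path))
        elif op == "WriteFile" and low.endswith((".exe", ".dll")):
            dropped.add(low)
        elif op == "Process Create" and low in dropped:
            hits.append(("Executes dropped EXE", pid, path))
        elif op == "Load Image" and low in dropped and low.endswith(".dll"):
            hits.append(("Loads dropped DLL", pid, path))
        elif op == "RegSetValue" and RUN_KEY.search(path):
            hits.append(("Adds Run key to start application", pid, path))
    return hits


if __name__ == "__main__":
    for sig, pid, path in run_signatures(EVENTS):
        print(f"[{sig}] pid={pid} {path}")
```

On the constructed trace this fires exactly four times, one per signature, and stays silent on the kernel32.dll load and the notepad.exe launch, which is the distinction a "dropped" rule has to make to avoid flagging every process start.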