General
-
Target
6e2ae8e8723b71df11f76e4fae57dae70f6860b7a7414979ef7b112e01d1437e.bin
-
Size
618KB
-
Sample
230506-2ctv9acd85
-
MD5
d9f8bdc6c5d634c267850d777ee4a4bc
-
SHA1
b0e6bdddfe433803798f212fd1e2aef41271abbf
-
SHA256
6e2ae8e8723b71df11f76e4fae57dae70f6860b7a7414979ef7b112e01d1437e
-
SHA512
cfcb329f1ddd7348e2c36d6ac29e80f56815539ba1290d0415de3d1f05c60673d2b500e30624028c7b927a5b3a517b132523e4a005e7b2e9efc5d7bc1731b3bf
-
SSDEEP
12288:dfy90pUhD4XN55Isa5EazVByBSBVhsVdT24ZpAYjpq1m:dfyjDy5INXzVByszhsVdTJoSq1m
Malware Config
Targets
-
-
Target
6e2ae8e8723b71df11f76e4fae57dae70f6860b7a7414979ef7b112e01d1437e.bin
-
Size
618KB
-
MD5
d9f8bdc6c5d634c267850d777ee4a4bc
-
SHA1
b0e6bdddfe433803798f212fd1e2aef41271abbf
-
SHA256
6e2ae8e8723b71df11f76e4fae57dae70f6860b7a7414979ef7b112e01d1437e
-
SHA512
cfcb329f1ddd7348e2c36d6ac29e80f56815539ba1290d0415de3d1f05c60673d2b500e30624028c7b927a5b3a517b132523e4a005e7b2e9efc5d7bc1731b3bf
-
SSDEEP
12288:dfy90pUhD4XN55Isa5EazVByBSBVhsVdT24ZpAYjpq1m:dfyjDy5INXzVByszhsVdTJoSq1m
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-