General
Target: 006c5c25000b2c8222ba70daefcb8d33b99f3d29bc59c6eed2ae78c55a9927cb.bin
Size: 775KB
Sample: 230506-2gel5aef7t
MD5: 395a88090f82b3e3f2f01d52558b77a0
SHA1: ae842d66ed5cdb738d8b15c91ef8360c7f7f4f09
SHA256: 006c5c25000b2c8222ba70daefcb8d33b99f3d29bc59c6eed2ae78c55a9927cb
SHA512: 855f9388b8485ccb6f3d61150748e76351bd82b75d47941aad42ba0c47daf457572cd04e5c620bf17b01d5852de6cb554c10434c5ecf0957fbe10fed0f11c127
SSDEEP: 12288:qy90PUd3tgcEZFI1yurCzSSpdO6/6c21tiWbaAKcjLvuSqFb:qy+Ud+youRud21tiX0vFqFb
Static task: static1
Behavioral task: behavioral1
  Sample: 006c5c25000b2c8222ba70daefcb8d33b99f3d29bc59c6eed2ae78c55a9927cb.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 006c5c25000b2c8222ba70daefcb8d33b99f3d29bc59c6eed2ae78c55a9927cb.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  Botnet: gena
  C2: 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
  Botnet: dark
  C2: 185.161.248.73:4164
  auth_value: ae85b01f66afe8770afeed560513fc2d
Targets
Target: 006c5c25000b2c8222ba70daefcb8d33b99f3d29bc59c6eed2ae78c55a9927cb.bin
Size: 775KB
Score: 10/10
Signatures:
  Detects Redline Stealer samples
    This rule detects the presence of Redline Stealer samples based on their unique strings.
  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application