General
Target: 014a9e8fbdb3f7117e8324da41bd3bb68b97e24cf6740a5020ff9dc74e4255b1
Size: 967KB
Sample: 230506-2hc5paeg6v
MD5: 1c9f861298e4440ff01f1bb04334c18d
SHA1: d59e78023ac56060ac185fce4d51bc52826a6fac
SHA256: 014a9e8fbdb3f7117e8324da41bd3bb68b97e24cf6740a5020ff9dc74e4255b1
SHA512: 59c9da1e6090d5ead987226cb773d207b51668fde010a84ecc24d4437c70cc26b81ca41898b05ba1ced98db39fdf36e826cd0059fe901eae12f84ce3d515fc92
SSDEEP: 12288:By90s6yTKb1k1QGVJuQ7sM46pVYHmztBg+BP0qu08wMqs/9t2VpNsGSfiLUWuSCM:ByJnKbDf16f6mZBg+BNT8w77AIirM
Static task: static1
Behavioral task: behavioral1
Sample: 014a9e8fbdb3f7117e8324da41bd3bb68b97e24cf6740a5020ff9dc74e4255b1.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 014a9e8fbdb3f7117e8324da41bd3bb68b97e24cf6740a5020ff9dc74e4255b1.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 014a9e8fbdb3f7117e8324da41bd3bb68b97e24cf6740a5020ff9dc74e4255b1
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-