Resubmissions

29-10-2024 12:54

241029-p5dzaavjbw 10

06-05-2023 23:47

230506-3tc5habf7v 10

General

  • Target

    1cc8de61685ced27317a99c7f04145f5a732bffa2a1bb062d5518d0165d5f9ba

  • Size

    1.2MB

  • Sample

    230506-3tc5habf7v

  • MD5

    a97748f56e8ebc584cb4e09f55419ec2

  • SHA1

    af7da012d6acb8a207487c4581a1b80eeaeb7a62

  • SHA256

    1cc8de61685ced27317a99c7f04145f5a732bffa2a1bb062d5518d0165d5f9ba

  • SHA512

    1d9759acb064ae17b4edcba626b7b26b1365e51eef19a422c9f660962ab2ad7cc41999e5832bdd2c988f9c68c8c3b6de3e1087acfe1492bd0afadae65ebbf153

  • SSDEEP

    24576:W0zwEbpelsnjkyfxpcP7kJxnSnF83PRiGBgy3rIgBQzbypT6bg6gO:W0zNUYjkCcPoJgK3ss+y4bN

Malware Config

Targets

    • Target

      1cc8de61685ced27317a99c7f04145f5a732bffa2a1bb062d5518d0165d5f9ba

    • Size

      1.2MB

    • MD5

      a97748f56e8ebc584cb4e09f55419ec2

    • SHA1

      af7da012d6acb8a207487c4581a1b80eeaeb7a62

    • SHA256

      1cc8de61685ced27317a99c7f04145f5a732bffa2a1bb062d5518d0165d5f9ba

    • SHA512

      1d9759acb064ae17b4edcba626b7b26b1365e51eef19a422c9f660962ab2ad7cc41999e5832bdd2c988f9c68c8c3b6de3e1087acfe1492bd0afadae65ebbf153

    • SSDEEP

      24576:W0zwEbpelsnjkyfxpcP7kJxnSnF83PRiGBgy3rIgBQzbypT6bg6gO:W0zNUYjkCcPoJgK3ss+y4bN

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks