General
-
Target
060ab8886c368c3f36070b042eaa2a625f8d3206ad931b7922bb2d919a83c277
-
Size
1.2MB
-
Sample
230506-y2vx3adc8w
-
MD5
65801f4ca5f825e3535c9b15eebfc061
-
SHA1
fb02567098428daae54edaa035ffe8c2814e4c17
-
SHA256
060ab8886c368c3f36070b042eaa2a625f8d3206ad931b7922bb2d919a83c277
-
SHA512
4579cfdc4d81677690a9356fb3af8cd5d0f9dc2d5dea31680ab72117526d74713b8d3f196ce9c47bbb63aabd20b878620e04df289f2510f8a1d543dcb85c300d
-
SSDEEP
24576:2ynnoqpSzGXvuxaWwGkLLDwip+mEBv7K/LKATeT3Ys/Nv0oQpT62hx+MYlgo+6:FnoWAUaaWDkLLB34v7K/LKr3Xxp2hx+1
Malware Config
Extracted
redline
luser
185.161.248.73:4164
-
auth_value
cf14a84de9a3b6b7b8981202f3b616fb
Targets
-
-
Target
060ab8886c368c3f36070b042eaa2a625f8d3206ad931b7922bb2d919a83c277
-
Size
1.2MB
-
MD5
65801f4ca5f825e3535c9b15eebfc061
-
SHA1
fb02567098428daae54edaa035ffe8c2814e4c17
-
SHA256
060ab8886c368c3f36070b042eaa2a625f8d3206ad931b7922bb2d919a83c277
-
SHA512
4579cfdc4d81677690a9356fb3af8cd5d0f9dc2d5dea31680ab72117526d74713b8d3f196ce9c47bbb63aabd20b878620e04df289f2510f8a1d543dcb85c300d
-
SSDEEP
24576:2ynnoqpSzGXvuxaWwGkLLDwip+mEBv7K/LKATeT3Ys/Nv0oQpT62hx+MYlgo+6:FnoWAUaaWDkLLB34v7K/LKr3Xxp2hx+1
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-