General
-
Target
07da23b9aa46368ec03210670782e8fe34bc733ba6184c69bc0fa98a8cd2d338.bin
-
Size
998KB
-
Sample
230506-y4rcnabc26
-
MD5
36b259cc7f82e5771bfc00fd2d94b885
-
SHA1
0fbf7c4f6caafd33c6ef1844b7a239499e35ef00
-
SHA256
07da23b9aa46368ec03210670782e8fe34bc733ba6184c69bc0fa98a8cd2d338
-
SHA512
790a2d876eba3ae2dfaca21710f06b526a83980abd3afbf9bbaafa9e70bbcea47e7b489a48e5676cc7e7bef2fdd6a109435ed9481a681c153fd7e59fefeeb9c5
-
SSDEEP
24576:hyLgsllIlL7nKOGLSwLnc0SIGwErHCbytD70:ULgsizAS6c0jGwHbYD
Malware Config
Targets
-
-
Target
07da23b9aa46368ec03210670782e8fe34bc733ba6184c69bc0fa98a8cd2d338.bin
-
Size
998KB
-
MD5
36b259cc7f82e5771bfc00fd2d94b885
-
SHA1
0fbf7c4f6caafd33c6ef1844b7a239499e35ef00
-
SHA256
07da23b9aa46368ec03210670782e8fe34bc733ba6184c69bc0fa98a8cd2d338
-
SHA512
790a2d876eba3ae2dfaca21710f06b526a83980abd3afbf9bbaafa9e70bbcea47e7b489a48e5676cc7e7bef2fdd6a109435ed9481a681c153fd7e59fefeeb9c5
-
SSDEEP
24576:hyLgsllIlL7nKOGLSwLnc0SIGwErHCbytD70:ULgsizAS6c0jGwHbYD
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-