General
-
Target
02b399e67b88aa5b4bdead8bd4ac57b17de584b539260e845bdb5da9da1e8806.bin
-
Size
1.1MB
-
Sample
230506-yyy6bada2x
-
MD5
c61e43e2d851216bcdf8b74a726a2fc4
-
SHA1
12dad0d7e22f39314f36cf57c12a7ce78ab85074
-
SHA256
02b399e67b88aa5b4bdead8bd4ac57b17de584b539260e845bdb5da9da1e8806
-
SHA512
b1dc8ebcb7e8f87fe5753211b4f5a7996ff3172952621d023bde58e4f06c0369a9c74e9db6f0ceb76411408c1831148df67dc51abda7fe4e05addf840e634270
-
SSDEEP
24576:5yyr7wiWuyQEFBkQdktCui+Udon6QnQkUSLkmNJ6cWg2RWyw3G:sqzMQoytK+Udmd2R83WgnP3
Static task
static1
Behavioral task
behavioral1
Sample
02b399e67b88aa5b4bdead8bd4ac57b17de584b539260e845bdb5da9da1e8806.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
02b399e67b88aa5b4bdead8bd4ac57b17de584b539260e845bdb5da9da1e8806.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-