General
Target: 3765e5a027328866312a6f27f6d02875.bin
Size: 1.5MB
Sample: 230506-z686xshf4v
MD5: 846df44009355efb31bb16f4c8c31974
SHA1: 57901527536b60b471c1c747795188ac9433a565
SHA256: cac17db0b0be3621497804e89adfd53a4ef81e486a3e2e9beb8ef5ef7fc0096f
SHA512: ecb57bc1d9ea3e7ade035a517f9aa4f7e247a1780301bce477cfca0e6d274f3ac4e14cc84257da18c2adcc7c4fdee5e7d99dfbbc2c7cc5b00431771efdde6b4b
SSDEEP: 24576:xeHvieXWXSRG8oMF4KxwxO0xGIBWYfQFGVaFmXvr27IhctkWd/BDtkZDXpATv3cg:MyupoMFJeIe/kw6Bgz2Ltfd/BxkZTpU5
Static task
static1

Behavioral task
behavioral1
Sample: 9a23b608d40c2409be16f02653f782b9bce18fc6e204efea3072c3bd60915715.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: 9a23b608d40c2409be16f02653f782b9bce18fc6e204efea3072c3bd60915715.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
maza
185.161.248.73:4164
auth_value: 474d54c1c2f5291290c53f8378acd684
Targets
Target: 9a23b608d40c2409be16f02653f782b9bce18fc6e204efea3072c3bd60915715.exe
Size: 1.5MB
MD5: 3765e5a027328866312a6f27f6d02875
SHA1: 88a999cfb8317430a887fc87ee4e243218583a30
SHA256: 9a23b608d40c2409be16f02653f782b9bce18fc6e204efea3072c3bd60915715
SHA512: 1b54958032e7ae9553118a2b264d0990871cda2c483871a69007299d345258b7bcba2f96142b433bbf621c5756ebbbdd12634e5276e048a8e961012864b3b309
SSDEEP: 24576:eyBiX7WB+CjluuY6ckhEUHvEqCyzTGeACrbjUJMb9wPpyJm46fo3qLvZ:tBiXSBkuZl9cqC8TGPCrXUJOSM+/Lv

Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application