General
Target: 3775e7cd36ab4efe0ba40b94bdc489c81e7bd0b2beec70d8ec0b816c53d1160c.bin
Size: 1.5MB
Sample: 230506-z7a1hsff29
MD5: fd67ff18ddfc1d4c27c4e209a79c4980
SHA1: 87e265f16b64b4e8aea647431b0e8cb041c2ebaa
SHA256: 3775e7cd36ab4efe0ba40b94bdc489c81e7bd0b2beec70d8ec0b816c53d1160c
SHA512: 803cbb1ef0e02455bb657355ebc8857c5f05532086d1b60ddc5983ff3dd56ac20d50f183e4b29a7202dd07b0b9078c026f783a658a3b56508b924e18343c7c15
SSDEEP: 24576:8yxP4YHlQR0Y+PL5HLpEgFwdOL36ljC1hBGSG8jhu/s5oGN3jvJ88kLrR/H1:rxP44lO0YbdWKt2hsSBjh24z3jB8vLrF
Static task: static1
Behavioral task: behavioral1
Sample: 3775e7cd36ab4efe0ba40b94bdc489c81e7bd0b2beec70d8ec0b816c53d1160c.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 3775e7cd36ab4efe0ba40b94bdc489c81e7bd0b2beec70d8ec0b816c53d1160c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: 3775e7cd36ab4efe0ba40b94bdc489c81e7bd0b2beec70d8ec0b816c53d1160c.bin
Score: 10/10
Signatures:
Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application