General
-
Target
3b1ecb1388f8c830e5b60bf96664d36fa06fde3b18ab923dcf26e37ec0bfb8ae
-
Size
1.4MB
-
Sample
230506-z9yjlafh77
-
MD5
f53b1826ae79d2c5f94daf3b21e74723
-
SHA1
ce493847883de21232b530c3f5962a27705f25b0
-
SHA256
3b1ecb1388f8c830e5b60bf96664d36fa06fde3b18ab923dcf26e37ec0bfb8ae
-
SHA512
275464b628c8d688f2b80cead27dc32fe9909c31c6a359448c1b2df230242a02220ab24fb04badd22f088a12192db11d1563c1d93973570c9a06ff6de21f3e8b
-
SSDEEP
24576:7y3pkcv/Wd0Xc7aZDBt9eDKqFgjCVCNTrRTtrNlP+JG/kn/npWsHTGI:u3plv/00Xc7aZDN0gjgCNxTthZ+JG/T/
Malware Config
Extracted
redline
mask
217.196.96.56:4138
-
auth_value
31aef25be0febb8e491794ef7f502c50
Targets
-
-
Target
3b1ecb1388f8c830e5b60bf96664d36fa06fde3b18ab923dcf26e37ec0bfb8ae
-
Size
1.4MB
-
MD5
f53b1826ae79d2c5f94daf3b21e74723
-
SHA1
ce493847883de21232b530c3f5962a27705f25b0
-
SHA256
3b1ecb1388f8c830e5b60bf96664d36fa06fde3b18ab923dcf26e37ec0bfb8ae
-
SHA512
275464b628c8d688f2b80cead27dc32fe9909c31c6a359448c1b2df230242a02220ab24fb04badd22f088a12192db11d1563c1d93973570c9a06ff6de21f3e8b
-
SSDEEP
24576:7y3pkcv/Wd0Xc7aZDBt9eDKqFgjCVCNTrRTtrNlP+JG/kn/npWsHTGI:u3plv/00Xc7aZDN0gjgCNxTthZ+JG/T/
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-