General
Target: 14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72.bin
Size: 1.1MB
Sample: 230506-zeczeaef3z
MD5: 36a3777e08b966fdd66d5c070b6f54d5
SHA1: 9c9ad26cc6e47f5ac23e45baf13d6f532d4c39cc
SHA256: 14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72
SHA512: 57dbd3507a666b93331518b0f9f0515ca6cc598f2b500c1b304f34a08aee97b473ae765ad8cf27207d97dd613f8ee096a2cc6a6257072b1242328fd1ed04cb5b
SSDEEP: 24576:6yR86UF2qCvFXF1yAbL+wXDcHAsMtbBWXjfpc:BRMCt1vTOXj
Static task: static1
Behavioral task: behavioral1
  Sample: 14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72.bin
Size: 1.1MB
MD5: 36a3777e08b966fdd66d5c070b6f54d5
SHA1: 9c9ad26cc6e47f5ac23e45baf13d6f532d4c39cc
SHA256: 14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72
SHA512: 57dbd3507a666b93331518b0f9f0515ca6cc598f2b500c1b304f34a08aee97b473ae765ad8cf27207d97dd613f8ee096a2cc6a6257072b1242328fd1ed04cb5b
SSDEEP: 24576:6yR86UF2qCvFXF1yAbL+wXDcHAsMtbBWXjfpc:BRMCt1vTOXj
Signatures
Detects Redline Stealer samples: This rule detects RedLine Stealer samples based on strings unique to the family.
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, most likely as a geofence so the sample does not run in certain regions.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
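The four behavioural signatures above (registry country-code lookup, dropped-file execution and DLL loading, Run-key persistence) are the kind of thing an analyst wants to re-derive from a raw API trace rather than trust a label. The following is an added example, not code from the sandbox or from the sample: it replays a constructed, sandbox-style trace of space-separated key=value fields (the field layout is an assumption, not the sandbox's real export format) and flags each behaviour. The registry location used for the country-code check, the Nation value under Control Panel\International\Geo, is an assumption about where such a lookup commonly lands, not the exact key the sandbox's rule keys on.

```python
"""Replay a sandbox-style API trace and flag the behaviours listed in the report.

Added example, not code from the sandbox or from the sample. The trace lines
below are constructed for illustration; the field layout (space-separated
key=value pairs) is an assumption, not the sandbox's real export format.
"""
import re
from typing import Dict, List, Tuple

# Constructed trace of one analysis: a parent process that reads the configured
# country code, drops two files, installs a Run key and launches the dropped EXE.
TRACE = [
    r"pid=1020 api=RegQueryValueExW key=HKEY_CURRENT_USER\Control Panel\International\Geo value=Nation",
    r"pid=1020 api=NtWriteFile path=C:\Users\Public\svc.exe size=221184",
    r"pid=1020 api=NtWriteFile path=C:\Users\Public\helper.dll size=40960",
    r"pid=1020 api=RegSetValueExW key=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run value=svc data=C:\Users\Public\svc.exe",
    r"pid=1020 api=CreateProcessW image=C:\Users\Public\svc.exe cmdline=C:\Users\Public\svc.exe",
    r"pid=1072 api=LoadLibraryW path=C:\Users\Public\helper.dll",
    r"pid=1072 api=LoadLibraryW path=C:\Windows\System32\kernel32.dll",
    r"pid=1020 api=RegQueryValueExW key=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer value=ShellState",
]

# Run / RunOnce under HKCU or HKLM; Wow6432Node variants match too, since only
# the key suffix is tested.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Assumption: the country-code lookup reads the Nation value under this key. It is
# one common location, not necessarily the key the sandbox's own rule keys on.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)

# Map internal rule ids to the signature names used in the report.
SIGNATURE_NAMES = {
    "geo_lookup": "Checks computer location settings",
    "run_key": "Adds Run key to start application",
    "exec_dropped": "Executes dropped EXE",
    "load_dropped": "Loads dropped DLL",
}


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'k=v k=v' line; values may contain spaces but not ' word='."""
    return dict(re.findall(r"(\w+)=(.*?)(?= \w+=|$)", line))


def analyze(lines: List[str]) -> List[Tuple[str, int, str]]:
    """Return (rule_id, line_number, detail) for each matched behaviour."""
    findings = []
    dropped = set()  # paths the traced processes wrote, lower-cased for matching
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        api = ev.get("api", "")
        key = ev.get("key", "")
        if api.startswith("RegQueryValueEx") and GEO_KEY_RE.search(key) and ev.get("value", "").lower() == "nation":
            findings.append(("geo_lookup", n, key + r"\Nation"))
        elif api.startswith("RegSetValueEx") and RUN_KEY_RE.search(key):
            data = ev.get("data", "")
            # A Run key pointing at a file the sample itself wrote is much stronger
            # evidence than a Run key alone, which legitimate installers also set.
            tag = " (dropped file)" if data.lower() in dropped else ""
            findings.append(("run_key", n, f"{ev.get('value', '')} -> {data}{tag}"))
        elif api in ("NtWriteFile", "WriteFile"):
            dropped.add(ev.get("path", "").lower())
        elif api.startswith("CreateProcess") and ev.get("image", "").lower() in dropped:
            findings.append(("exec_dropped", n, ev["image"]))
        elif api.startswith("LoadLibrary") and ev.get("path", "").lower() in dropped:
            findings.append(("load_dropped", n, ev["path"]))
    return findings


def matched_signatures(lines: List[str]) -> List[str]:
    """Signature names in first-hit order, without duplicates."""
    seen: List[str] = []
    for rule, _, _ in analyze(lines):
        name = SIGNATURE_NAMES[rule]
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for rule, n, detail in analyze(TRACE):
        print(f"line {n:>2}: {SIGNATURE_NAMES[rule]}: {detail}")
```

The ordering matters: file writes are recorded before later process-creation, library-load and Run-key events are checked against them, so a Run key that targets a path the sample did not write is still reported but without the "(dropped file)" qualifier, which is the distinction that separates this persistence from a routine installer.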