General

  • Target

    14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72.bin

  • Size

    1.1MB

  • Sample

    230506-zeczeaef3z

  • MD5

    36a3777e08b966fdd66d5c070b6f54d5

  • SHA1

    9c9ad26cc6e47f5ac23e45baf13d6f532d4c39cc

  • SHA256

    14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72

  • SHA512

    57dbd3507a666b93331518b0f9f0515ca6cc598f2b500c1b304f34a08aee97b473ae765ad8cf27207d97dd613f8ee096a2cc6a6257072b1242328fd1ed04cb5b

  • SSDEEP

    24576:6yR86UF2qCvFXF1yAbL+wXDcHAsMtbBWXjfpc:BRMCt1vTOXj

Malware Config

Targets

    • Target

      14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72.bin

    • Size

      1.1MB

    • MD5

      36a3777e08b966fdd66d5c070b6f54d5

    • SHA1

      9c9ad26cc6e47f5ac23e45baf13d6f532d4c39cc

    • SHA256

      14e11455657658eaf638cbbfe56b106067cc96f213e0299bb182b2e11824ba72

    • SHA512

      57dbd3507a666b93331518b0f9f0515ca6cc598f2b500c1b304f34a08aee97b473ae765ad8cf27207d97dd613f8ee096a2cc6a6257072b1242328fd1ed04cb5b

    • SSDEEP

      24576:6yR86UF2qCvFXF1yAbL+wXDcHAsMtbBWXjfpc:BRMCt1vTOXj

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks