General
Target: 238bffd7cbbbc3018957f86910aed7b0c15a7a57dcad64c94efadcca49b1a483.bin
Size: 1.5MB
Sample: 230506-zsxkzadh74
MD5: 3e2d7c08eb5806c2473bcd2f30a1abe8
SHA1: 736c2882cd937610dfe2e6f10ef3b4d0643efeb7
SHA256: 238bffd7cbbbc3018957f86910aed7b0c15a7a57dcad64c94efadcca49b1a483
SHA512: ea470fada9d59bf8134463e875b0925ee60f03a9a87e24937059a2cc3d1436514bd17a90afec043e6cd71a5ddeb6bea83a3328e591e02ce586490195eeeb0b68
SSDEEP: 24576:Dy5pu1NTvwtXT8vC5G/cGRBJrZ4Efh/C/xHOAGOW2cNk1Oumg/QvHTTKI8RD4Ob:W5U9vFvHcGRnrZ3fI5HOYe21egYvzTKr
Static task: static1
Behavioral task: behavioral1
  Sample: 238bffd7cbbbc3018957f86910aed7b0c15a7a57dcad64c94efadcca49b1a483.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 238bffd7cbbbc3018957f86910aed7b0c15a7a57dcad64c94efadcca49b1a483.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: 238bffd7cbbbc3018957f86910aed7b0c15a7a57dcad64c94efadcca49b1a483.bin
Score: 10/10
Signatures
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application