General

Target: 2aac5886264489958ec9d7ab130039e6bfdbb3eabd87c8cbdb38d1d50b18ab67
Size: 1.2MB
Sample: 230506-zxz7naee29
MD5: bce9070fb44c7900e69a9f6fcedfcf0c
SHA1: 73bbb68fdaf457ee47ea58cff8da939a4e7f50dd
SHA256: 2aac5886264489958ec9d7ab130039e6bfdbb3eabd87c8cbdb38d1d50b18ab67
SHA512: 7869c5d84bfb88956e55d53c42f1180faed6f8f98f36b0bee2a17122c61c4cb6606147e0a832b9897e2cc9abfeb98d3c94397320f52a2b69a4131c61f3f442f6
SSDEEP: 24576:dy8+yG0chEaYcRMvGOnuGsvcSLeui3iPffUWTbXJ9Ct19IWkE3pV:48ghWCCTsjdEcbi9NkIp
Static task: static1

Behavioral task: behavioral1
  Sample: 2aac5886264489958ec9d7ab130039e6bfdbb3eabd87c8cbdb38d1d50b18ab67.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 2aac5886264489958ec9d7ab130039e6bfdbb3eabd87c8cbdb38d1d50b18ab67.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: luser
C2: 185.161.248.73:4164
auth_value: cf14a84de9a3b6b7b8981202f3b616fb
Targets

Target: 2aac5886264489958ec9d7ab130039e6bfdbb3eabd87c8cbdb38d1d50b18ab67
Signatures
- Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
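The extracted config (C2 185.161.248.73:4164) and the "Adds Run key to start application" signature are the two pieces of this report a responder can hunt with immediately. The script below is an added example, not part of the sandbox report: it copies the report's hashes and C2 address into constants and runs three checks over constructed Zeek conn.log and Sysmon-style lines. The log lines, the file paths and the Run-key value name "updater" are all made up for the example; only the hashes and the C2 come from the page.

```python
"""Added example (not part of the sandbox report): turn the IOCs above into log checks.

The constants are copied from the report. All log lines are constructed for the
example; the Run-key value name "updater" and the file paths are hypothetical.
"""
import re

# IOCs from the report (sample 230506-zxz7naee29)
C2_HOST = "185.161.248.73"
C2_PORT = 4164
HASHES = {
    "MD5": "bce9070fb44c7900e69a9f6fcedfcf0c",
    "SHA1": "73bbb68fdaf457ee47ea58cff8da939a4e7f50dd",
    "SHA256": "2aac5886264489958ec9d7ab130039e6bfdbb3eabd87c8cbdb38d1d50b18ab67",
}
# Registry paths that give a program a start-at-logon entry (the "Adds Run key" signature)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed Zeek conn.log-style records: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1683380101.120000\tCbX1a\t10.0.0.25\t49711\t185.161.248.73\t4164\ttcp
1683380103.440000\tCbX1b\t10.0.0.25\t49712\t203.0.113.10\t443\ttcp
1683380110.900000\tCbX1c\t10.0.0.31\t51002\t185.161.248.73\t4164\ttcp
1683380111.000000\tCbX1d\t10.0.0.31\t51003\t185.161.248.73\t80\ttcp"""

# Constructed Sysmon-style events as key=value tokens (EventID 1 = process create, 13 = registry value set)
SYSMON_LOG = """EventID=1 Image=C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe Hashes=MD5=BCE9070FB44C7900E69A9F6FCEDFCF0C,SHA256=2AAC5886264489958EC9D7AB130039E6BFDBB3EABD87C8CBDB38D1D50B18AB67
EventID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=MD5=00000000000000000000000000000000,SHA256=1111111111111111111111111111111111111111111111111111111111111111
EventID=13 Image=C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater Details=C:\\Users\\u\\AppData\\Roaming\\updater.exe
EventID=13 Image=C:\\Windows\\explorer.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden Details=0x00000001"""


def parse_kv(line):
    """Split 'key=value' tokens on whitespace; only the first '=' separates key from value,
    so a Hashes field such as 'MD5=...,SHA256=...' survives intact."""
    fields = {}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def find_c2_connections(conn_log=CONN_LOG, any_port=False):
    """Return (ts, id.orig_h) for flows to the C2 address from the extracted config.
    any_port=True also catches the same host on other ports, in case the operator moves the listener."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7 or f[4] != C2_HOST:
            continue
        if any_port or f[5] == str(C2_PORT):
            hits.append((f[0], f[2]))
    return hits


def find_hash_matches(sysmon_log=SYSMON_LOG):
    """Return (algorithm, Image) for process-create events whose Hashes field carries a report hash.
    Comparison is case-insensitive because Sysmon emits upper-case hex."""
    wanted = {alg: h.lower() for alg, h in HASHES.items()}
    hits = []
    for line in sysmon_log.splitlines():
        ev = parse_kv(line)
        if "Hashes" not in ev:
            continue
        for pair in ev["Hashes"].split(","):
            alg, _, value = pair.partition("=")
            if wanted.get(alg.upper()) == value.lower():
                hits.append((alg.upper(), ev.get("Image", "")))
                break
    return hits


def find_run_key_persistence(sysmon_log=SYSMON_LOG):
    """Return (Image, TargetObject, Details) for registry value sets under a Run/RunOnce key."""
    hits = []
    for line in sysmon_log.splitlines():
        ev = parse_kv(line)
        if ev.get("EventID") != "13":
            continue
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append((ev.get("Image", ""), target, ev.get("Details", "")))
    return hits


if __name__ == "__main__":
    print("C2 flows:", find_c2_connections())
    print("Hash matches:", find_hash_matches())
    print("Run-key persistence:", find_run_key_persistence())
```

Two caveats a practitioner should keep in mind when using these checks: the hash match only catches this exact build, so a repacked RedLine sample with the same config will slip past it (that is what the SSDEEP value above is for), and the C2 address and port are operator-controlled and can change between campaigns, which is why the host-only match is offered as an option.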