General
Target: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5
Size: 1.9MB
Sample: 230507-ap5dzaea6v
MD5: 73ce5f094321f2683b7846397b3d5a8c
SHA1: d17102bc9d37a5ff9506dfbf94d0608378fae2c6
SHA256: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5
SHA512: 20eac921ba5dbc25ac0b751c768540fb3d54b4b359ce638dd7168bf57e12c0450a1b42db0c90b59be49c84fad289ee5e7b5e3ac683d66664d0d5f1adccc89c8e
SSDEEP: 24576:oDlxLeM+sLqZS62SiyY4TWKaJTXogjqpn5WMAw3FKvKvPoxBoOux5lUA4X+he6P2:K3Ci334noyvnbzJ8eF
Static task: static1
Behavioral task: behavioral1
  Sample: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
  Family: asyncrat
  Version: 1.0.7
  Botnet: Default
  C2: isabelaflores.fun:7000
  Mutex: ServicesMutex_qwqdanchun
  delay: 240
  install: false
  install_folder: %AppData%
Targets
Target: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5
Signatures
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Async RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext