General
-
Target
5e5c3d71262fc5994191464aa09a9a2b5cd3eb3eb87b27a7cad8fd605567f162.bin
-
Size
1.5MB
-
Sample
230507-c1mz6sed98
-
MD5
0da28ecad645ea9080b3ede74fc5554a
-
SHA1
395d8f237f92f4e4e18990d58415d4560d1cd018
-
SHA256
5e5c3d71262fc5994191464aa09a9a2b5cd3eb3eb87b27a7cad8fd605567f162
-
SHA512
f9447bcfa04b2935f86141509b07fe898d166a1a2ae1ff47db3f3aac686e23bf06489529c48e293df969a2eb72e3ec8d155b8ba4da75478c8c0141bf1c955c29
-
SSDEEP
24576:Oyg69qrO9hYZZeMtwVB8KgtHdIgfHcm/TqNfkOR5va/pO5lih:dg7iTmXwr87tHdvfH3bAMORipOz
Static task
static1
Behavioral task
behavioral1
Sample
5e5c3d71262fc5994191464aa09a9a2b5cd3eb3eb87b27a7cad8fd605567f162.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
5e5c3d71262fc5994191464aa09a9a2b5cd3eb3eb87b27a7cad8fd605567f162.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
most
185.161.248.73:4164
-
auth_value
7da4dfa153f2919e617aa016f7c36008
Targets
-
-
Target
5e5c3d71262fc5994191464aa09a9a2b5cd3eb3eb87b27a7cad8fd605567f162.bin
-
Size
1.5MB
-
MD5
0da28ecad645ea9080b3ede74fc5554a
-
SHA1
395d8f237f92f4e4e18990d58415d4560d1cd018
-
SHA256
5e5c3d71262fc5994191464aa09a9a2b5cd3eb3eb87b27a7cad8fd605567f162
-
SHA512
f9447bcfa04b2935f86141509b07fe898d166a1a2ae1ff47db3f3aac686e23bf06489529c48e293df969a2eb72e3ec8d155b8ba4da75478c8c0141bf1c955c29
-
SSDEEP
24576:Oyg69qrO9hYZZeMtwVB8KgtHdIgfHcm/TqNfkOR5va/pO5lih:dg7iTmXwr87tHdvfH3bAMORipOz
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-