General

Target: 5e5cbd5a6557d146149b771a1b9e150bedc2328753b5c37f10a583961c3135cf.bin
Size: 1.5MB
Sample: 230507-c1nlpsed99
MD5: e4245f3cf0ca75b89369818589d1e650
SHA1: e9f2c879830f433f30674584819e6a578ebc59bf
SHA256: 5e5cbd5a6557d146149b771a1b9e150bedc2328753b5c37f10a583961c3135cf
SHA512: 6db91e32e17ce9130e416713436ac498a67662f8c68de60ee9c99c759ab41cd80384c402bbdc3971780affcb82625974cbd67624d1efa7de3a2c9657f59f10c7
SSDEEP: 24576:GyxtUH6baH77b/yDSp0gSsLhRSsYNMOzblHwoIAHSJBjBpRoWHQVwG9KV2P:VxtaffrsSpP6vMOzhHwlAHGZBpRoThK

Static task: static1
Behavioral task: behavioral1
  Sample: 5e5cbd5a6557d146149b771a1b9e150bedc2328753b5c37f10a583961c3135cf.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 5e5cbd5a6557d146149b771a1b9e150bedc2328753b5c37f10a583961c3135cf.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets

Target: 5e5cbd5a6557d146149b771a1b9e150bedc2328753b5c37f10a583961c3135cf.bin
Score: 10/10

Signatures:
- Detects Redline Stealer samples: this rule detects the presence of RedLine Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
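The following Python is an added example and is not part of the sandbox report or the sandbox's own tooling. It turns the indicators above into two checks a responder would actually run: confirm that a file on disk is the analysed sample by recomputing every listed digest, and scan host telemetry for the reported C2 endpoint and for the Run-key persistence the report flags. The log lines are constructed in a Sysmon-like key=value layout (EventID 3 for network connections, EventID 13 for registry value writes); the image paths, SID and value names in them are illustrative. Because the report names no specific registry key, matching both Run and RunOnce under any hive is an assumption.

```python
"""Added example, not part of the sandbox report: check a file against the
hashes reported above and scan Sysmon-style log lines for the reported C2
endpoint and for the Run-key persistence the report flags."""
import hashlib
import re

# Digests exactly as reported on this page.
REPORTED_HASHES = {
    "md5": "e4245f3cf0ca75b89369818589d1e650",
    "sha1": "e9f2c879830f433f30674584819e6a578ebc59bf",
    "sha256": "5e5cbd5a6557d146149b771a1b9e150bedc2328753b5c37f10a583961c3135cf",
    "sha512": "6db91e32e17ce9130e416713436ac498a67662f8c68de60ee9c99c759ab41cd80384c402bbdc3971780affcb82625974cbd67624d1efa7de3a2c9657f59f10c7",
}
# C2 endpoint from the extracted RedLine config.
C2_HOST, C2_PORT = "185.161.248.73", "4164"

# The report names no specific key, so (assumption) both Run and RunOnce
# under any hive are treated as persistence locations.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
KV_RE = re.compile(r"(\w+)=(\S+)")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest equals the reported value; a single
    mismatch means this is not the analysed file even if a weak hash agrees."""
    digests = hash_bytes(data)
    return all(digests[algo] == value for algo, value in REPORTED_HASHES.items())


def parse_event(line: str) -> dict:
    """Parse one key=value Sysmon-style line into a dict (values contain no spaces)."""
    return dict(KV_RE.findall(line))


def find_c2_connections(lines) -> list:
    """Images that made a Sysmon EventID 3 connection to the reported C2 host:port."""
    hits = []
    for ev in map(parse_event, lines):
        if (ev.get("EventID") == "3" and ev.get("DestinationIp") == C2_HOST
                and ev.get("DestinationPort") == C2_PORT):
            hits.append(ev.get("Image"))
    return hits


def find_run_key_persistence(lines) -> list:
    """(image, key, value) tuples for Sysmon EventID 13 writes under a Run key."""
    hits = []
    for ev in map(parse_event, lines):
        if ev.get("EventID") == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append((ev.get("Image"), ev["TargetObject"], ev.get("Details")))
    return hits


# Constructed log lines in a Sysmon-like key=value layout; not sandbox output.
SAMPLE_LOG = [
    "EventID=3 Image=C:\\Users\\user\\Desktop\\sample.exe Protocol=tcp "
    "DestinationIp=185.161.248.73 DestinationPort=4164",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe Protocol=tcp "
    "DestinationIp=185.161.248.73 DestinationPort=443",
    "EventID=13 Image=C:\\Users\\user\\Desktop\\sample.exe "
    "TargetObject=HKU\\S-1-5-21-1-1-1-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\user\\AppData\\Roaming\\updater.exe",
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden "
    "Details=DWORD(0x00000001)",
]

if __name__ == "__main__":
    # A stand-in buffer cannot match; replace with open(path, "rb").read() for a real file.
    print("hash match for stand-in buffer:", matches_report(b"not the real sample"))
    print("C2 connections:", find_c2_connections(SAMPLE_LOG))
    print("Run-key writes:", find_run_key_persistence(SAMPLE_LOG))
```

Note that the second network line goes to the same host on port 443 and is deliberately not reported: the extracted config gives host and port together, and alerting on the address alone would also fire on unrelated traffic to shared infrastructure. For a real investigation, feed `find_c2_connections` and `find_run_key_persistence` the exported Sysmon events and compare the image path in the hits with the dropped executables the "Executes dropped EXE" signature refers to.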