General
- Target: 5e608f870359a209cd61003613d15b8263a4f79272867a603472abcccb394a25.bin
- Size: 1.5MB
- Sample: 230507-c1p5jagb2t
- MD5: fc15500f849faf44530c24de34449f31
- SHA1: ea304b76cd148c1486dbb5b324219f1d8b4486c7
- SHA256: 5e608f870359a209cd61003613d15b8263a4f79272867a603472abcccb394a25
- SHA512: 3e36a2212c6fbdbce2ad737164b090139ed46bff75b921454bc6ec918aa7538f7cba4ba941ac5b38d426b1ecc2f91cca36a300136ae5faa2a729112b8e7e54a4
- SSDEEP: 24576:Ty278Z2kh2Gr/4E1+tmCZ6DIrzzWFeHfbcGX1j/s6wPdWeL:m278Zws/Nctj8DITWkcGFrsF1
Static task: static1
Behavioral task: behavioral1
- Sample: 5e608f870359a209cd61003613d15b8263a4f79272867a603472abcccb394a25.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 5e608f870359a209cd61003613d15b8263a4f79272867a603472abcccb394a25.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- gena
- 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
- most
- 185.161.248.73:4164
- auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
- Target: 5e608f870359a209cd61003613d15b8263a4f79272867a603472abcccb394a25.bin
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application