General
Target: 5e928e1288856cd5c5430f57d8c76bd11b0ff4f3d5cf0fdd382daad492880a54
Size: 1.4MB
Sample: 230507-c1zzqsee34
MD5: 760589aca2c763c7c6494e3df408943c
SHA1: 7d9eecd6ae4818c5b7a5ef707ea6bee0ae1ccf06
SHA256: 5e928e1288856cd5c5430f57d8c76bd11b0ff4f3d5cf0fdd382daad492880a54
SHA512: f75b0813354f2b25137461bc13d4e616a0b56bc55b0a9bd3bc283e9bf5af4aa5aadf6cef2a0963b937c61c7a5683c46d872190b2afe22d032c21368e47ff52a5
SSDEEP: 24576:nyTQEo0deVoVXaY3x4SH9z2ST2aKIQvtSCn0dYB7u18it66mYCriJ:yjo0deVUqY3xASTfgtSpYtu18irBA
Static task: static1
Behavioral task: behavioral1
Sample: 5e928e1288856cd5c5430f57d8c76bd11b0ff4f3d5cf0fdd382daad492880a54.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 5e928e1288856cd5c5430f57d8c76bd11b0ff4f3d5cf0fdd382daad492880a54.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
most
185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: 5e928e1288856cd5c5430f57d8c76bd11b0ff4f3d5cf0fdd382daad492880a54
Score: 10/10
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application