General
- Target: 5ed392daaa42ef95bd7df6582454d30ab85dbd4d2b7f46ceb5d127f6e6367603.bin
- Size: 1.5MB
- Sample: 230507-c2d4naee59
- MD5: 626a9092313eaaee518cf01fb4d4fd46
- SHA1: fbe5fea829104ed6e048bd494dcbfbc6c3ed9842
- SHA256: 5ed392daaa42ef95bd7df6582454d30ab85dbd4d2b7f46ceb5d127f6e6367603
- SHA512: 5b84e8c780d728c176e0612fad698c54f2b7199a09e9269a6bc997235444210dbc4983bd575d445aad076662d8caf7a43dd6e01c1e20674c1a5330b39ad24edf
- SSDEEP: 24576:KyDbRh5v3Yf5WT1tZyGmMA8dkY6jsEpgI5kuxWL0CDa93T1tzTQIUfYFnCvH:Rvl6Wpt4Gh5kYamI5ku4LUT1hqqG
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 5ed392daaa42ef95bd7df6582454d30ab85dbd4d2b7f46ceb5d127f6e6367603.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: 5ed392daaa42ef95bd7df6582454d30ab85dbd4d2b7f46ceb5d127f6e6367603.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: gena
- C2: 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Extracted
- Family: redline
- Botnet: most
- C2: 185.161.248.73:4164
- auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
- Target: 5ed392daaa42ef95bd7df6582454d30ab85dbd4d2b7f46ceb5d127f6e6367603.bin
- Signatures:
  - Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application