General

Target: 6013f8da39ad14aeebaf5da0b47a7b263494482ed034ab9594d0f03c86769199.bin
Size: 1.5MB
Sample: 230507-c37glagd61
MD5: 294c68f78d021215839d4d47e1831417
SHA1: 524c82f41d84b902744af28b3838e841b5d9f47e
SHA256: 6013f8da39ad14aeebaf5da0b47a7b263494482ed034ab9594d0f03c86769199
SHA512: 8921a6ea1d52678eef7a1a0c4cf98993a985986fd4bf4a68ee44e74066baf2cd3a3c5e7108525dad11aae4feed17a98575acbdc12d356a5594d54899317a5c6e
SSDEEP: 24576:EyY7GOUei+Rr2DEQL0UTNC4BlbU9V/Hf1yeqWw4OI+8C88AGjc:TpT4BYE6q9V/f1yeSbIR8f
Static task: static1

Behavioral task: behavioral1
Sample: 6013f8da39ad14aeebaf5da0b47a7b263494482ed034ab9594d0f03c86769199.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 6013f8da39ad14aeebaf5da0b47a7b263494482ed034ab9594d0f03c86769199.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets

Target: 6013f8da39ad14aeebaf5da0b47a7b263494482ed034ab9594d0f03c86769199.bin (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10

Signatures:
- Detects Redline Stealer samples: this rule detects the presence of RedLine Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
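The hashes and the extracted C2 in this report are only useful once something checks them. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it carries the report's file hashes and C2 endpoint as indicators, hashes a file and reports which digests match the sample, and scans connection-log lines for traffic to the C2. The log format it parses and the sample bytes it hashes are constructed for the demonstration (a real deployment would parse Zeek conn.log, Sysmon Event ID 3 or firewall logs instead).

```python
"""Match a file and a connection log against the IOCs from the report above.

Added example, not part of the sandbox report. The hashes, C2 address and
auth_value are the values published on this page; the log format and the
sample bytes used in __main__ are constructed for the demonstration.
"""
import hashlib
import re

# Indicators copied from the report (real values from the page).
SAMPLE_HASHES = {
    "md5": "294c68f78d021215839d4d47e1831417",
    "sha1": "524c82f41d84b902744af28b3838e841b5d9f47e",
    "sha256": "6013f8da39ad14aeebaf5da0b47a7b263494482ed034ab9594d0f03c86769199",
    "sha512": "8921a6ea1d52678eef7a1a0c4cf98993a985986fd4bf4a68ee44e74066baf2cd"
              "3a3c5e7108525dad11aae4feed17a98575acbdc12d356a5594d54899317a5c6e",
}
C2_HOST, C2_PORT = "185.161.248.73", 4164
AUTH_VALUE = "7da4dfa153f2919e617aa016f7c36008"   # RedLine auth_value from the config


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_hashes(data: bytes) -> list:
    """Names of the algorithms whose digest equals the report's sample.

    The comparison lower-cases the indicator because IOC feeds mix upper- and
    lower-case hex; an empty list means the bytes are not this sample.
    """
    digests = file_hashes(data)
    return [alg for alg, want in SAMPLE_HASHES.items()
            if digests[alg] == want.lower()]


# Constructed log format for the demo: "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def find_c2_hits(log_lines) -> list:
    """Return (timestamp, source, confidence) for connections to the RedLine C2.

    'high'   = exact host:port from the extracted config.
    'medium' = same host on another port; still worth triage, since the
               panel may be reachable on more than the port seen in the sample.
    Lines that do not parse are skipped rather than raising.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        confidence = "high" if int(m["dport"]) == C2_PORT else "medium"
        hits.append((m["ts"], m["src"], confidence))
    return hits


if __name__ == "__main__":
    # Constructed input: these bytes are not the sample, so no hash matches.
    print("hash matches:", matching_hashes(b"abc"))
    demo_log = [   # constructed log lines, not from the sandbox run
        "2023-05-07T12:00:01Z 10.0.0.5:49152 -> 185.161.248.73:4164 tcp",
        "2023-05-07T12:00:02Z 10.0.0.5:49153 -> 93.184.216.34:443 tcp",
        "2023-05-07T12:00:03Z 10.0.0.9:49154 -> 185.161.248.73:8080 tcp",
        "malformed line that the parser must tolerate",
    ]
    for hit in find_c2_hits(demo_log):
        print("C2 hit:", hit)
```

To hash a suspect file, read it in binary mode and pass the bytes to `matching_hashes`; a single matching digest is enough to identify the sample, while the SSDEEP value from the report needs the separate `ssdeep` Python package (assumed available; not used here) for fuzzy comparison against repacked variants.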