General
Target: 606311606eec52b4ba576af15f424b66f82b186770c7f0a195969f23f69144d8
Size: 867KB
Sample: 230507-c4ne4sge3s
MD5: efaec4bc4ed305691d4c43128832fe5c
SHA1: f27f89484f20c4057046f1744adcb73480159d52
SHA256: 606311606eec52b4ba576af15f424b66f82b186770c7f0a195969f23f69144d8
SHA512: 4c5160a3085f4d6386adbab17ff133246332031e1968508eb0256f2891850587b04209d006486962ce657f3cc333e5c5ac74b16a27fdb0512474457630b0117e
SSDEEP: 24576:CyaosOxc1UqoHXILCHB2s+wYj33lA0peEFmQU:pI/UqoHXECHYXjnl1peE
Static task: static1
Behavioral task: behavioral1
  Sample: 606311606eec52b4ba576af15f424b66f82b186770c7f0a195969f23f69144d8.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 606311606eec52b4ba576af15f424b66f82b186770c7f0a195969f23f69144d8.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, gena, 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Extracted: redline, dark, 185.161.248.73:4164
  auth_value: ae85b01f66afe8770afeed560513fc2d
Targets
Target: 606311606eec52b4ba576af15f424b66f82b186770c7f0a195969f23f69144d8
Score: 10/10
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application