General
- Target: 620c76595b820e9a6237559717fe1f9d3fde247a7c1b6e5f1127c14df885a82c.bin
- Size: 1.4MB
- Sample: 230507-c67a1agg7z
- MD5: 5c861fa7e8aa8e48c458ce7453352748
- SHA1: 6a131184636d6efbf0d9d705c7d5d547f1745863
- SHA256: 620c76595b820e9a6237559717fe1f9d3fde247a7c1b6e5f1127c14df885a82c
- SHA512: ea89f6ec9c78136667cdc99e09d410875802d4ef586208873174cc13a990293c8afb50ee99f2ba0ae84c41540711fcb9e42ec668859eec45fe33b0cd6464f4d5
- SSDEEP: 24576:Ty3DuAnDD9qfk6ft6J/iYVhw8DIAu4YR1TtrlEy9gK8n6S83w5d4j6J3:myU/7qa1uZR1Tq56Sewjb
Static task: static1
Behavioral task: behavioral1
- Sample: 620c76595b820e9a6237559717fe1f9d3fde247a7c1b6e5f1127c14df885a82c.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 620c76595b820e9a6237559717fe1f9d3fde247a7c1b6e5f1127c14df885a82c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: most
- C2: 185.161.248.73:4164
- auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
- Target: 620c76595b820e9a6237559717fe1f9d3fde247a7c1b6e5f1127c14df885a82c.bin
Score: 10/10
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application