General
Target: 61c673018101e86da0c3e94a014f6d7d1bbc12000dea287f6a464478c7293b90.bin
Size: 1.5MB
Sample: 230507-c6wjhagg5s
MD5: 97c129e09c5c4ea7bd5286b4033751e1
SHA1: cfd477ad7fa25e5adbd44ad32478a5e9e98c83b7
SHA256: 61c673018101e86da0c3e94a014f6d7d1bbc12000dea287f6a464478c7293b90
SHA512: 219c4c76bc587f7612daba110eef0e16aa8b9b9f298a48089cdfb7ac48849dcb52d9bf9bf4b1d825c2ce8cd72d877322636a4c11c63eae1da039ac7641eb26f2
SSDEEP: 24576:byOjz4RCshjKPbxS9xOP0tqIhLLkT6D1PpdSqetq+VGtLX1erlQhvqFm:OmERCo2DxSvO8tJBLkT57qUWX1SEvqF
Static task: static1
Behavioral task: behavioral1
Sample: 61c673018101e86da0c3e94a014f6d7d1bbc12000dea287f6a464478c7293b90.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 61c673018101e86da0c3e94a014f6d7d1bbc12000dea287f6a464478c7293b90.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Extracted
redline
most
185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: 61c673018101e86da0c3e94a014f6d7d1bbc12000dea287f6a464478c7293b90.bin
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application