General
-
Target
621dcb9164d3122a6a0215e6c18bfebe7ff017282be3c95f4c0a192fbb8a2ec0.bin
-
Size
1.5MB
-
Sample
230507-c7bkqagg81
-
MD5
15f17dab133c841dedaea51c235c392c
-
SHA1
ec42950ae9fc8a45441d5e19441b79eedcfff2d7
-
SHA256
621dcb9164d3122a6a0215e6c18bfebe7ff017282be3c95f4c0a192fbb8a2ec0
-
SHA512
471ff80838ebf5e394d8ba02afd9c3a20cf252426d50096ae29033ee3c89f348a79f62c52dc38e268f52d6fda5942b9b1a7b1cba98cfd7a6e6a41228df55e233
-
SSDEEP
24576:0ygfIMav4OaU62ybl5rojjFHoaDQOES28SF/hnurhZIoy7JjpqNeDWmtA6PWTfBJ:DrFvF6DbTUdHoaORl5uNhDcA6PU1xYx
Static task
static1
Behavioral task
behavioral1
Sample
621dcb9164d3122a6a0215e6c18bfebe7ff017282be3c95f4c0a192fbb8a2ec0.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
621dcb9164d3122a6a0215e6c18bfebe7ff017282be3c95f4c0a192fbb8a2ec0.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
most
185.161.248.73:4164
-
auth_value
7da4dfa153f2919e617aa016f7c36008
Targets
-
-
Target
621dcb9164d3122a6a0215e6c18bfebe7ff017282be3c95f4c0a192fbb8a2ec0.bin
-
Score
10/10
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-