General
Target: 4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8
Size: 686KB
Sample: 230507-cbnkeada91
MD5: 3c621601ec170837b121300ec549fdfa
SHA1: 45335d9e83de2198e7841d2eac51f048e87d6b98
SHA256: 4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8
SHA512: 6d1e0ba7aceceea2ab58e8fa0e68d047c76f54dd9047b78edc3daaaf886336014f4d9e069a7336416a3b8dedfde77bee3986fa33293d0593b45c5df5983d7032
SSDEEP: 12288:Ay908z1WEkGc3gWaySF7yCSAx5EJOGuYX8159v2O6HPAo:AyZAEMQRxhSEGuo8L98HPAo
Static task: static1
Behavioral task: behavioral1
Sample: 4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 4e8687bad988b784fb98e3ef60ee3b73931fe7516c8301c6cbbcc45ae933f6d8
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application