General

Target: 4ff751d4867f10d1a6944aa8b0512737b60bd8eb21ffff171079b0f5e0ec558d
Size: 308KB
Sample: 230507-cdp61sdd51
MD5: 2da438a60544c1c1eaa9cfcef092246c
SHA1: ca934cfcd472d371b576c795970c2725309617fa
SHA256: 4ff751d4867f10d1a6944aa8b0512737b60bd8eb21ffff171079b0f5e0ec558d
SHA512: 8d2c67205b69bd8bac36943b370b32319b3f6736dd12f3ab4311957790cca902106a14b8209146f6780c6d8395238e64c3ca9ef8a5fa42755a7ae72e26d97aa7
SSDEEP: 6144:qbp0yN90QE/v5BOtMb9Plz/jAxFizkHfs6WHIOS:ry90xvISKFmJ6WHY
Static task: static1

Behavioral task: behavioral1
Sample: 4ff751d4867f10d1a6944aa8b0512737b60bd8eb21ffff171079b0f5e0ec558d.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 4ff751d4867f10d1a6944aa8b0512737b60bd8eb21ffff171079b0f5e0ec558d.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: donka
C2: 185.161.248.73:4164
auth_value: ebd13e189a2e7c34425e5f4c46bb7a55
Targets

Target: 4ff751d4867f10d1a6944aa8b0512737b60bd8eb21ffff171079b0f5e0ec558d
Size: 308KB
Score: 10/10

Signatures
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application