General

Target: 5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e.bin
Size: 1.5MB
Sample: 230507-cx9prseb58
MD5: a4740b24b7aa880af5e57b415381c6b4
SHA1: bf862774db6d9beec5869408b25ab74773955606
SHA256: 5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e
SHA512: 09b42595c40e6b20347a7ba81b215e5442f3cf5fc11aff2eda2df7c49bb5c13f7f29c8222b19e54beac070f341eeb10ed3e21a295cfa805a51f5f0768a43a537
SSDEEP: 24576:1ya+I2w8KdOj5tq4+SZSVu3n9lCx6dL1BSu/HO5NrClarZv7W4+Jjc:Qa+ID8K54bEVM9lCxiL1B/vQ+E
Static task: static1

Behavioral task: behavioral1
Sample: 5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
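The extracted configuration gives two kinds of indicator worth operationalising straight away: the sample's hashes and the C2 endpoint. RedLine's client talks to its C2 over a raw TCP port (a WCF net.tcp channel), so the network indicator is an ip:port pair, not a URL or hostname. The script below is an added example and is not part of the tria.ge report: it takes the hash and C2 values from the report and matches them against constructed Zeek-style conn records and sha256sum-style output; the log lines, connection uids and file paths are invented test data.

```python
"""Hunt for this report's indicators in constructed log data.

Added example; it is not part of the tria.ge report. The hash and C2 values are
copied from the report above. CONN_LOG and HASH_LIST are CONSTRUCTED sample data
(Zeek-style conn records and sha256sum-style output), not real telemetry.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report: the sample's hashes and the extracted C2.
REPORT_IOCS = {
    "sha256": "5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e",
    "sha1": "bf862774db6d9beec5869408b25ab74773955606",
    "md5": "a4740b24b7aa880af5e57b415381c6b4",
    "c2_ip": "185.161.248.73",
    "c2_port": 4164,
}


@dataclass
class Hit:
    kind: str      # "c2", "c2_ip" (same host, other port) or "hash"
    source: str    # connection uid or file path that matched
    detail: str


# Constructed Zeek-style conn records: ts uid orig_h orig_p resp_h resp_p proto
CONN_LOG = """\
1683460001.1 CAb1 10.0.0.5 51234 142.250.74.14 443 tcp
1683460007.4 CAb2 10.0.0.5 51240 185.161.248.73 4164 tcp
1683460009.9 CAb3 10.0.0.7 51111 185.161.248.73 80 tcp
"""

# Constructed '<hash>  <path>' lines as produced by sha256sum / md5sum.
HASH_LIST = """\
5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e  C:/Users/alice/AppData/Local/Temp/setup.exe
d41d8cd98f00b204e9800998ecf8427e  C:/Users/alice/Downloads/empty.bin
"""


def match_conn_log(text, ioc=REPORT_IOCS):
    """Flag connections to the C2 endpoint.

    An exact ip:port match is the high-confidence indicator. A connection to the
    same IP on another port is reported separately as "c2_ip": the host may run
    other services, so it deserves review rather than an automatic verdict.
    """
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue  # header or blank line
        ts, uid, _orig_h, _orig_p, resp_h, resp_p, _proto = parts[:7]
        if resp_h != ioc["c2_ip"]:
            continue
        kind = "c2" if int(resp_p) == ioc["c2_port"] else "c2_ip"
        hits.append(Hit(kind, uid, f"{resp_h}:{resp_p} at {ts}"))
    return hits


# MD5 (32), SHA1 (40) or SHA256 (64) hex digest, then the path.
_HASH_LINE = re.compile(r"^([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})\s+\*?(.+?)\s*$")


def match_hash_list(text, ioc=REPORT_IOCS):
    """Flag files whose MD5, SHA1 or SHA256 equals the sample's."""
    known = {ioc[k].lower(): k for k in ("md5", "sha1", "sha256")}
    hits = []
    for line in text.splitlines():
        m = _HASH_LINE.match(line)
        if not m:
            continue
        digest, path = m.group(1).lower(), m.group(2)
        if digest in known:
            hits.append(Hit("hash", path, f"{known[digest]} matches the sample"))
    return hits


def hunt(conn_log=CONN_LOG, hash_list=HASH_LIST):
    """Run both checks and return all hits, exact C2 matches first."""
    hits = match_conn_log(conn_log) + match_hash_list(hash_list)
    order = {"c2": 0, "hash": 1, "c2_ip": 2}
    return sorted(hits, key=lambda h: order[h.kind])


if __name__ == "__main__":
    for h in hunt():
        print(f"[{h.kind}] {h.source}: {h.detail}")
```

Hash matches are exact and age badly (a repacked build changes every digest), while the C2 endpoint tends to survive across builds of the same campaign; the separate "c2_ip" tier exists because the same address is also worth a look when it is hit on a port the report did not list.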
Targets

Target: 5cc38e7a1d61afb0599b4734f32d1ed4aceb87181c1300ac8c6c431a9ccc530e.bin (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures
- Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
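The "Adds Run key to start application" signature is the persistence hook to check on any host that ran this sample. The script below is an added example, not part of the tria.ge report: it parses a constructed `reg export` of the HKCU Run key (the report does not say which hive or value name the sample uses; HKCU and the value names and paths in the export are assumptions made for illustration) and rates each autostart image by where it lives, since a dropper running as an unprivileged user lands its payload in user-writable locations such as AppData\Local\Temp.

```python
"""Triage Run-key autostart entries from a registry export.

Added example; it is not part of the tria.ge report. REG_EXPORT is a CONSTRUCTED
text in the format written by `reg export` (value names and paths are invented
for illustration). Only REG_SZ entries are examined; hex(2)/dword values are skipped.
"""
import re

# Path fragments ordered from most to least suspicious for an autostart image.
# A dropper running as a normal user can write to all of these without elevation.
HIGH_RISK = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\downloads\\", "\\programdata\\")
REVIEW = ("\\appdata\\",)   # legitimate per-user installs also live here

# Constructed export, as `reg export "HKCU\...\Run" run.reg` would write it.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="\"C:\\Users\\alice\\AppData\\Local\\Temp\\svc\\updater.exe\""
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Legacy"=hex(2):43,00,00,00
'''

# "<name>"=<raw value>; the name may contain escaped quotes or backslashes.
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # Undo .reg escaping: a backslash followed by any char yields that char.
    return re.sub(r"\\(.)", r"\1", s)


def _image_path(cmdline):
    """Return the executable part of a Run-key command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def classify(image_path):
    """Rate an autostart image by the directory it runs from."""
    p = image_path.lower()
    if any(frag in p for frag in HIGH_RISK):
        return "high"
    if any(frag in p for frag in REVIEW):
        return "review"
    return "low"


def triage_run_keys(export_text):
    """Parse REG_SZ values under each [key] and rate where each image lives."""
    entries = []
    key = None
    for line in export_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_LINE.match(line)
        if not m or key is None:
            continue
        name, raw = _unescape(m.group(1)), m.group(2)
        if not (raw.startswith('"') and raw.endswith('"')):
            continue  # hex(2)/dword: not a plain string, skip
        cmdline = _unescape(raw[1:-1])
        path = _image_path(cmdline)
        entries.append({"key": key, "name": name, "path": path,
                        "cmdline": cmdline, "tier": classify(path)})
    return entries


if __name__ == "__main__":
    for e in triage_run_keys(REG_EXPORT):
        print(f"{e['tier']:6} {e['name']:15} {e['path']}")
```

A real `reg export` file is UTF-16LE with a BOM, so open it with `encoding="utf-16"` before passing it in. Export and check HKLM\...\Run, both RunOnce keys and the Wow6432Node variants as well; the report only says that a Run key is written, not which one.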