General
Target: 752bad7f9db3a50f6c30ea93a07a7f15db83058f05c3dc6444ee55c7547edbe8
Size: 563KB
Sample: 230507-d11fyacd4w
MD5: 17e9e251e5acbbd36f8aabce1727175e
SHA1: eea502431fbd081875d3e19f6d9123fd443bbe79
SHA256: 752bad7f9db3a50f6c30ea93a07a7f15db83058f05c3dc6444ee55c7547edbe8
SHA512: 78eb60d13c4a577d9c3741f63d47a67ceb123c419059f1d3f55a452244947a5b459b3f012c7ec66c8d6561f6a1301ac4d2983976ecc7a06ab94991e07d238d1d
SSDEEP: 12288:oy90bdAYkJxYO2KWRZI8Uzf0PjunMnUr8nGg6x/:oyKdLkfYOvWPAsPj6MUuQx/
Static task: static1
Behavioral task: behavioral1
Sample: 752bad7f9db3a50f6c30ea93a07a7f15db83058f05c3dc6444ee55c7547edbe8.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 752bad7f9db3a50f6c30ea93a07a7f15db83058f05c3dc6444ee55c7547edbe8.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application