General
Target: 9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
Size: 1.2MB
Sample: 230507-fpvsesad25
MD5: 2a6461d1a0897525597d3766a00a8a5c
SHA1: c1923c22f97e917a325d2ca55e1bb0f3a0437cc0
SHA256: 9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
SHA512: dce95b2999c118d8a09a69e0b8ad903022c3993c11abe49fd8ea6c607f13954e7f8517cac9c5227b87a55cb3444eed2832a7fa410e0e450fa0a52d93f0d7f295
SSDEEP: 24576:hyz8CsWyiKQ55wHxQXzMxWeR5YVtZ8FOl1unV:Uz8C5cU5WCITRSVL8mcn
Static task: static1
Behavioral task: behavioral1
  Sample: 9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
lisa
185.161.248.73:4164
auth_value: c2dc311db9820012377b054447d37949
Targets
Target: 9daa0616e332402aa95612c279737e0232fd9d401a09f075a8c26676e2f3b53f
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application