General
-
Target
d9944fbbcf5cc8f4f993ca78e3fa85033fbaaacb54b545707ed6546a93af5cf4
-
Size
794KB
-
Sample
230507-h9fv4sfe91
-
MD5
fff775ccd0424e12e8495612c02e6ad5
-
SHA1
49a2c6fb79d4b76d627598ca42068171776a3982
-
SHA256
d9944fbbcf5cc8f4f993ca78e3fa85033fbaaacb54b545707ed6546a93af5cf4
-
SHA512
3e9a5e5a3405beb9d364442da56ac38e01d4a5e4a96a027a16efc6a7b940a299ba6ad7044485eb7849200c0175fdf165b10e3d035921ba759e91082fee5f6575
-
SSDEEP
24576:tybX2c+6nTGwqvPSTxdPJCaP+xizsCQapSdCguzD:Ibmc+eiwgPcLPJ1P+xwJau
Static task
static1
Behavioral task
behavioral1
Sample
d9944fbbcf5cc8f4f993ca78e3fa85033fbaaacb54b545707ed6546a93af5cf4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d9944fbbcf5cc8f4f993ca78e3fa85033fbaaacb54b545707ed6546a93af5cf4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dork
185.161.248.73:4164
-
auth_value
e81be7d6cfb453cc812e1b4890eeadad
Targets
-
-
Target
d9944fbbcf5cc8f4f993ca78e3fa85033fbaaacb54b545707ed6546a93af5cf4
-
Size
794KB
-
MD5
fff775ccd0424e12e8495612c02e6ad5
-
SHA1
49a2c6fb79d4b76d627598ca42068171776a3982
-
SHA256
d9944fbbcf5cc8f4f993ca78e3fa85033fbaaacb54b545707ed6546a93af5cf4
-
SHA512
3e9a5e5a3405beb9d364442da56ac38e01d4a5e4a96a027a16efc6a7b940a299ba6ad7044485eb7849200c0175fdf165b10e3d035921ba759e91082fee5f6575
-
SSDEEP
24576:tybX2c+6nTGwqvPSTxdPJCaP+xizsCQapSdCguzD:Ibmc+eiwgPcLPJ1P+xwJau
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-