General
-
Target
c23beaf53e006610ad69e2d722d0d36c79dc480f661f22d2f368115747f086b4
-
Size
1.2MB
-
Sample
230507-havj8ahd78
-
MD5
6c42e696b2c06b4342a6811d33c40a79
-
SHA1
e30981a54d0b0a994e19fb90e4fdbfd85e5e19fb
-
SHA256
c23beaf53e006610ad69e2d722d0d36c79dc480f661f22d2f368115747f086b4
-
SHA512
8c4791eb5e8f3889cba04cf23634ba2c067202427faa24e1b9c26c4742412566ce070e29c6be786744c73bf8962de0685c31e28b5cc2141a39c25990bfc52d16
-
SSDEEP
24576:oyQ0TTApMwlQvz5MKAtPa2O5FKUEYNeI6OaNoQEZh6NNcyp9YfwQnbntXfFp:vQgTOMIUz7GPhKZZN7VQE2Xp9YfwQnbN
Static task
static1
Behavioral task
behavioral1
Sample
c23beaf53e006610ad69e2d722d0d36c79dc480f661f22d2f368115747f086b4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c23beaf53e006610ad69e2d722d0d36c79dc480f661f22d2f368115747f086b4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
lisa
185.161.248.73:4164
-
auth_value
c2dc311db9820012377b054447d37949
Targets
-
-
Target
c23beaf53e006610ad69e2d722d0d36c79dc480f661f22d2f368115747f086b4
-
Size
1.2MB
-
MD5
6c42e696b2c06b4342a6811d33c40a79
-
SHA1
e30981a54d0b0a994e19fb90e4fdbfd85e5e19fb
-
SHA256
c23beaf53e006610ad69e2d722d0d36c79dc480f661f22d2f368115747f086b4
-
SHA512
8c4791eb5e8f3889cba04cf23634ba2c067202427faa24e1b9c26c4742412566ce070e29c6be786744c73bf8962de0685c31e28b5cc2141a39c25990bfc52d16
-
SSDEEP
24576:oyQ0TTApMwlQvz5MKAtPa2O5FKUEYNeI6OaNoQEZh6NNcyp9YfwQnbntXfFp:vQgTOMIUz7GPhKZZN7VQE2Xp9YfwQnbN
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-