General
Target: c2f093e9fe83ebf20d1fff99f1d88da26adc29d26d6e895926d4f74d586c8557
Size: 774KB
Sample: 230507-hbns3abd31
MD5: 0ab78ae81b4e95c19f0dabfe217bba3e
SHA1: 8cb41188ea3b609b5daa517f6b6de3c7ce6cf0c9
SHA256: c2f093e9fe83ebf20d1fff99f1d88da26adc29d26d6e895926d4f74d586c8557
SHA512: 787564db9a95c13bad36df7ff9a4127538d53ff4267c2164d7c7e236e87ef03d114da1ef35980d6b69654d26ecce6df30cb7e6e57f9c646cd9f92dd6d0d93b4e
SSDEEP: 24576:oy3wTTwMydOEIjh+AxvlsagbPGEw7k/sSOBs:v3wTEMydCv7AS7Gsx
Static task: static1
Behavioral task: behavioral1
  Sample: c2f093e9fe83ebf20d1fff99f1d88da26adc29d26d6e895926d4f74d586c8557.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: c2f093e9fe83ebf20d1fff99f1d88da26adc29d26d6e895926d4f74d586c8557.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  gena
  185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
  dante
  185.161.248.73:4164
  auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
Target: c2f093e9fe83ebf20d1fff99f1d88da26adc29d26d6e895926d4f74d586c8557
Size: 774KB
MD5: 0ab78ae81b4e95c19f0dabfe217bba3e
SHA1: 8cb41188ea3b609b5daa517f6b6de3c7ce6cf0c9
SHA256: c2f093e9fe83ebf20d1fff99f1d88da26adc29d26d6e895926d4f74d586c8557
SHA512: 787564db9a95c13bad36df7ff9a4127538d53ff4267c2164d7c7e236e87ef03d114da1ef35980d6b69654d26ecce6df30cb7e6e57f9c646cd9f92dd6d0d93b4e
SSDEEP: 24576:oy3wTTwMydOEIjh+AxvlsagbPGEw7k/sSOBs:v3wTEMydCv7AS7Gsx
Score: 10/10
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application