General
Target: c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58
Size: 1.2MB
Sample: 230507-hgxyxsca9t
MD5: 6301ec697a51be48bd817a59bced1249
SHA1: 0d4d59a8e86863ec17c981f1e77b63b36cc99379
SHA256: c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58
SHA512: db6dd83b5277edcd58b8664af4389f8e105956f9d1b80f4a2bb79cfbc8e3ccecee405fa93208ae65101291596132a24ea87eebcdce4d63ec9e486f2ba1297221
SSDEEP: 24576:ayCLIt7JbrFAtKnl0R3M5pAszePhEoZ42WdOslHId3tXI1A:hC0tlbx/lu+pkPe8WdLHIddY
Static task
static1
Behavioral task
behavioral1
Sample: c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58.exe
Resource: win7-20230220-en
Behavioral task
behavioral2
Sample: c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: lisa
C2: 185.161.248.73:4164
auth_value: c2dc311db9820012377b054447d37949
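The hashes in the General section and the extracted C2 are the two things an analyst actually reuses from a report like this: the first to confirm that a file pulled from a host is the same sample, the second to block or alert on the traffic. The script below, added here as an example and not part of the sandbox report, computes all four listed hashes in one pass over a file and compares them to the report, then renders the C2 as a Suricata rule and a Windows Firewall block rule. The Suricata sid (1000001) and the firewall rule name are placeholders chosen for this example; the botnet name and auth_value are carried through only as labels.

```python
"""Verify a file against the hashes in this report and turn the extracted
RedLine C2 into network indicators.

Added example; not part of the sandbox report. The Suricata sid and the
firewall rule name are placeholders chosen here."""
import hashlib

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "6301ec697a51be48bd817a59bced1249",
    "sha1": "0d4d59a8e86863ec17c981f1e77b63b36cc99379",
    "sha256": "c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58",
    "sha512": "db6dd83b5277edcd58b8664af4389f8e105956f9d1b80f4a2bb79cfbc8e3ccecee405fa93208ae65101291596132a24ea87eebcdce4d63ec9e486f2ba1297221",
}

# Values from the Malware Config section.
C2_HOST = "185.161.248.73"
C2_PORT = 4164
BOTNET = "lisa"
AUTH_VALUE = "c2dc311db9820012377b054447d37949"

CHUNK = 1 << 20  # read files in 1 MiB pieces


def hash_stream(chunks) -> dict:
    """Hash an iterable of byte chunks with every algorithm the report lists,
    in a single pass, so a large sample is not read four times."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream([data])


def hash_file(path: str) -> dict:
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(CHUNK), b""))


def compare_to_report(digests: dict, report=REPORT_HASHES) -> dict:
    """Per-algorithm verdict. Anything other than all-True or all-False means
    a transcription error in one hash or a crafted collision (practical for
    MD5, not for SHA-256), so treat a split result as a red flag, not as a
    partial match."""
    return {name: digests.get(name, "").lower() == expected.lower()
            for name, expected in report.items()}


def is_report_sample(digests: dict) -> bool:
    return all(compare_to_report(digests).values())


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=1000001) -> str:
    """Alert on any outbound TCP session to the extracted C2 endpoint.
    sid is a placeholder; pick one from your local range."""
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine Stealer C2 (botnet {BOTNET})"; '
            f"flow:to_server,established; sid:{sid}; rev:1;)")


def netsh_block_rule(host=C2_HOST, port=C2_PORT) -> str:
    """Windows Firewall outbound block for the C2 (rule name is a placeholder)."""
    return ('netsh advfirewall firewall add rule name="Block RedLine C2" '
            f"dir=out action=block protocol=TCP remoteip={host} remoteport={port}")


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        verdict = "MATCHES report" if is_report_sample(digests) else compare_to_report(digests)
        print(path, verdict)
    print(suricata_rule())
    print(netsh_block_rule())
```

Run it as `python check_sample.py suspect.exe`; a file that matches on every algorithm is this sample, a file that matches on none is something else, and a mixed result should be investigated rather than rounded to a "probable match". The SSDEEP value is deliberately not checked here: it is a similarity hash, and a near-match score is a lead for further analysis, not an identity test.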
Targets
Target: c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58
Size: 1.2MB
SHA256: c713cddb64d648ac6691977f82aa1e6b717ba926d48e76cc68cc216908ad4d58
MD5, SHA1, SHA512 and SSDEEP: identical to the General section above
- Detects Redline Stealer samples: this rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
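The last three signatures describe the persistence chain the sandbox observed: a file is dropped, executed, and registered under a Run key so it restarts at logon. The report does not say which value name or path the sample registered, so the script below, added as an example and not part of the sandbox report, works on a constructed `reg export` of the HKCU and HKLM Run keys (a fake "Updater" entry stands in for a dropped payload) and flags entries whose executable lives in a user-writable location or reuses a Windows system binary name outside the Windows directory. Both heuristics are this example's own assumptions, not something the report states.

```python
"""Triage Run-key persistence from a `reg export` of the Run keys.

Added example; not part of the sandbox report. The report gives neither the
value name nor the dropped path, so SAMPLE_REG is constructed, and the scoring
heuristics are this example's own assumptions."""

# Constructed .reg export (the format `reg export HKCU\...\Run run.reg` writes,
# with backslashes doubled and embedded quotes escaped). "Updater" imitates a
# dropped payload; the other two entries are benign fillers.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

# Directories a standard user can write to; a dropped file lands in one of these.
WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Names commonly borrowed by malware; legitimate copies live under \Windows\.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe",
                "winlogon.exe", "rundll32.exe"}


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\ -> \ and \" -> "."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg_run_values(text: str) -> list:
    """Return (key, value_name, command) for REG_SZ values under any key whose
    path ends in \\Run. Default values (@=) and non-string types are skipped,
    which is fine for Run keys since they normally hold only REG_SZ."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if not key or not key.lower().endswith("\\run") or not line.startswith('"'):
            continue
        name, sep, value = line.partition('"="')
        if not sep or not value.endswith('"'):
            continue
        entries.append((key, _unescape(name[1:]), _unescape(value[:-1])))
    return entries


def executable_path(command: str) -> str:
    """Pull the executable out of a Run value. Quoted paths are exact; for an
    unquoted path the cut is made before the first ' /' or ' -' switch, which
    is a heuristic and can misparse exotic command lines."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    cuts = [command.find(m) for m in (" /", " -") if command.find(m) > 0]
    return command[:min(cuts)] if cuts else command


def assess(entries: list) -> list:
    """Score each Run entry; an entry is reported when at least one reason fires."""
    findings = []
    for key, name, command in entries:
        path = executable_path(command)
        low = path.lower()
        reasons = []
        if any(m in low for m in WRITABLE_MARKERS):
            reasons.append("executable in user-writable location")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # reg export writes UTF-16LE with a BOM; "utf-16" consumes the BOM.
        with open(sys.argv[1], encoding="utf-16") as f:
            text = f.read()
    else:
        text = SAMPLE_REG
    for f in assess(parse_reg_run_values(text)):
        print(f"{f['key']}\\{f['name']} -> {f['path']}: {', '.join(f['reasons'])}")
```

On the constructed input, OneDrive is reported for the writable-location reason alone (a genuine OneDrive install does live under AppData, so that reason is a review queue, not a verdict), while the Updater entry fires both reasons and is the one to pull and hash against the report. Verifying the Authenticode signature of every flagged executable is the natural next step and is left out here because it needs a Windows host.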