General
-
Target
c8a76a6cb8efb8091209b2761b0d86d532a589f7d2faa116e54fb73017b0ebfd
-
Size
1.2MB
-
Sample
230507-hjqbvsaf35
-
MD5
c472a0ea2a16c34b083705ebae362dd4
-
SHA1
4c35813a8e75456131d29c2001a9826e6250e10d
-
SHA256
c8a76a6cb8efb8091209b2761b0d86d532a589f7d2faa116e54fb73017b0ebfd
-
SHA512
4a0c81dade206636567d61f2b151d974e9563d492bf05152200afbd98cd5f160dccd4158d495807cf2d9797495e8c24ca80ebaa4e118a54d05083bef3b979e5a
-
SSDEEP
24576:NyZebpjmCXuNlAMdJLKTw3+os5ox+0HZEhij2Wzns2z4R4FDE8bCcGN97Aj:oZe1jpuNlAMisuCx+hipsGvDM1/
Malware Config
Extracted
redline
lisa
185.161.248.73:4164
-
auth_value
c2dc311db9820012377b054447d37949
Targets
-
-
Target
c8a76a6cb8efb8091209b2761b0d86d532a589f7d2faa116e54fb73017b0ebfd
-
Size
1.2MB
-
MD5
c472a0ea2a16c34b083705ebae362dd4
-
SHA1
4c35813a8e75456131d29c2001a9826e6250e10d
-
SHA256
c8a76a6cb8efb8091209b2761b0d86d532a589f7d2faa116e54fb73017b0ebfd
-
SHA512
4a0c81dade206636567d61f2b151d974e9563d492bf05152200afbd98cd5f160dccd4158d495807cf2d9797495e8c24ca80ebaa4e118a54d05083bef3b979e5a
-
SSDEEP
24576:NyZebpjmCXuNlAMdJLKTw3+os5ox+0HZEhij2Wzns2z4R4FDE8bCcGN97Aj:oZe1jpuNlAMisuCx+hipsGvDM1/
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-