Resubmissions

29-10-2024 14:07

241029-re6ygswcmh 10

07-05-2023 06:53

230507-hnxazach5w 10

General

  • Target

    cbb377550aa4560e976bc8efd8f39309ee69594bf3823efa2d21d821fee3efe8

  • Size

    1.5MB

  • Sample

    230507-hnxazach5w

  • MD5

    ad39b7a2270e3b6fbf5a6dd50f48a487

  • SHA1

    c1491b19e448b7afcada102b6e447989b3ea32ca

  • SHA256

    cbb377550aa4560e976bc8efd8f39309ee69594bf3823efa2d21d821fee3efe8

  • SHA512

    acb9dc0bd603c8fe3062fb2eacaad0321625c56c1fc23482e8f174daf7654591c2ce21fae04a4db82c317c376602ffc372c9e85615380c7af1dd0c6faf7661eb

  • SSDEEP

    49152:IyHUdnAePtIm60ohZseZBMRH5G6V7OQniE:xHUdn3Gm60ZmBMpg6VC8iE

Malware Config

Targets

    • Target

      cbb377550aa4560e976bc8efd8f39309ee69594bf3823efa2d21d821fee3efe8

    • Size

      1.5MB

    • MD5

      ad39b7a2270e3b6fbf5a6dd50f48a487

    • SHA1

      c1491b19e448b7afcada102b6e447989b3ea32ca

    • SHA256

      cbb377550aa4560e976bc8efd8f39309ee69594bf3823efa2d21d821fee3efe8

    • SHA512

      acb9dc0bd603c8fe3062fb2eacaad0321625c56c1fc23482e8f174daf7654591c2ce21fae04a4db82c317c376602ffc372c9e85615380c7af1dd0c6faf7661eb

    • SSDEEP

      49152:IyHUdnAePtIm60ohZseZBMRH5G6V7OQniE:xHUdn3Gm60ZmBMpg6VC8iE

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks