General
- Target: d26510f4f3a141bf3c8e60cbb7262027600e9ab7cf4a789ebb57651ad0bbc7d6
- Size: 1.2MB
- Sample: 230507-hy8fzsce22
- MD5: 5d53e9726917ea93c583e8cf6c0743eb
- SHA1: 9d6c2ffa6710d28721e414fa78d8097367f4c3d2
- SHA256: d26510f4f3a141bf3c8e60cbb7262027600e9ab7cf4a789ebb57651ad0bbc7d6
- SHA512: d8f363927e5ed8bd103d453233b806353d9779f9cc3d322c3e2487dcfe454c7290120e4f39959a91edcd1ce724f09789f33eb5adff6c1ccaf898513bfb5dbd13
- SSDEEP: 24576:kyKbmL3rFncK52isf1G3sPZvu+5Jz14wCOLZqvw:zKbs3rFRwHA34vbfz14wCOL6
Static task
- static1

Behavioral task
- behavioral1
- Sample: d26510f4f3a141bf3c8e60cbb7262027600e9ab7cf4a789ebb57651ad0bbc7d6.exe
- Resource: win7-20230220-en

Behavioral task
- behavioral2
- Sample: d26510f4f3a141bf3c8e60cbb7262027600e9ab7cf4a789ebb57651ad0bbc7d6.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- lisa
- 185.161.248.73:4164
- auth_value: c2dc311db9820012377b054447d37949
Targets
- Target: d26510f4f3a141bf3c8e60cbb7262027600e9ab7cf4a789ebb57651ad0bbc7d6
- Size: 1.2MB
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application