General
- Target: edcaf7ccc949d81a24ef9d2f91d49958a8ea61522b3c6d99f06d668876d30312
- Size: 1.2MB
- Sample: 230507-j54baabd6x
- MD5: d98c0508f72f6ee9b4f837a24bb40371
- SHA1: ff54fe31df492938adaa896498a69b0a1dbf73ba
- SHA256: edcaf7ccc949d81a24ef9d2f91d49958a8ea61522b3c6d99f06d668876d30312
- SHA512: c1310398b7689d82fb7d7d40657b0fe41d052af302ed3279f2570accd7e5e4a26aea5086a15f08eedf8bac737d73b31149bc628e75e30a4747889465bd392754
- SSDEEP: 24576:0y3Ro3fMIcqXMdh8NA8r5Ro6WT3H9IT0ZWW0g/YozK254x/SXP5iHRXkbv:D3RovTXeh3ERQ5pGgAzT/S/gp
Static task
- static1
Behavioral task
- behavioral1
  - Sample: edcaf7ccc949d81a24ef9d2f91d49958a8ea61522b3c6d99f06d668876d30312.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: edcaf7ccc949d81a24ef9d2f91d49958a8ea61522b3c6d99f06d668876d30312.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- lisa
- 185.161.248.73:4164
- auth_value: c2dc311db9820012377b054447d37949
Targets
- Target: edcaf7ccc949d81a24ef9d2f91d49958a8ea61522b3c6d99f06d668876d30312
  - Size: 1.2MB
  - MD5: d98c0508f72f6ee9b4f837a24bb40371
  - SHA1: ff54fe31df492938adaa896498a69b0a1dbf73ba
  - SHA256: edcaf7ccc949d81a24ef9d2f91d49958a8ea61522b3c6d99f06d668876d30312
  - SHA512: c1310398b7689d82fb7d7d40657b0fe41d052af302ed3279f2570accd7e5e4a26aea5086a15f08eedf8bac737d73b31149bc628e75e30a4747889465bd392754
  - SSDEEP: 24576:0y3Ro3fMIcqXMdh8NA8r5Ro6WT3H9IT0ZWW0g/YozK254x/SXP5iHRXkbv:D3RovTXeh3ERQ5pGgAzT/S/gp
  - Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application