General
- Target: efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
- Size: 1.2MB
- Sample: 230507-j81pkabg7v
- MD5: 96eae8be1b3792540da3007213b973b6
- SHA1: a04773fdeec1ccfadcf34911167c2e3801b65f88
- SHA256: efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
- SHA512: 5eaf912b933b8e797f352f177d0b0febe9d29ffd9764b4c58173ad9a90d1ba19dfdd39209fb56ead8521a5b82478eff5e5b84d20adc6317e61df71db6bb8c7f4
- SSDEEP: 24576:LywySlEXKNfuhB5Tiisba8Mitzbjze4MsSo4WGPKYl2gMgKe:+w/vfug3aupS4j+Pvl2gM
Static task
- static1
Behavioral task
- behavioral1
  Sample: efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17.exe
  Resource: win7-20230220-en
Behavioral task
- behavioral2
  Sample: efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17.exe
  Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
- lisa
- 185.161.248.73:4164
- auth_value: c2dc311db9820012377b054447d37949
Targets
- Target: efb553ae6e0ad8d6ed144dc7895e56266c06f6bbd961c5b53fb4f6a356907b17
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application