General
-
Target
dd51d1724cc568e49c4f620639483eb7f90f937e2b9d5ec96f1f808ccf0effa0
-
Size
1.2MB
-
Sample
230507-jelzbaee74
-
MD5
b290160f8b7bdaa55ca794da61287729
-
SHA1
5428a65786c385d589013fb9b114973452a5f05d
-
SHA256
dd51d1724cc568e49c4f620639483eb7f90f937e2b9d5ec96f1f808ccf0effa0
-
SHA512
ed5fde31907f17b7b56ddf24c545d4e8e5c87ca1c6dd897c464157fb945c10e4e1ab82aaa7ecea3218d61d4db7d4add09364dccb3c1fe11a362671526e48e63d
-
SSDEEP
24576:/yCgzLI9nIKfgBaskX7RPp0rsYHffqiUTLOxmDcdBRDyI:KCgzLIXoo1rL+/fVG6xJBo
Static task
static1
Behavioral task
behavioral1
Sample
dd51d1724cc568e49c4f620639483eb7f90f937e2b9d5ec96f1f808ccf0effa0.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
dd51d1724cc568e49c4f620639483eb7f90f937e2b9d5ec96f1f808ccf0effa0.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
lisa
185.161.248.73:4164
-
auth_value
c2dc311db9820012377b054447d37949
Targets
-
-
Target
dd51d1724cc568e49c4f620639483eb7f90f937e2b9d5ec96f1f808ccf0effa0
-
Size
1.2MB
-
MD5
b290160f8b7bdaa55ca794da61287729
-
SHA1
5428a65786c385d589013fb9b114973452a5f05d
-
SHA256
dd51d1724cc568e49c4f620639483eb7f90f937e2b9d5ec96f1f808ccf0effa0
-
SHA512
ed5fde31907f17b7b56ddf24c545d4e8e5c87ca1c6dd897c464157fb945c10e4e1ab82aaa7ecea3218d61d4db7d4add09364dccb3c1fe11a362671526e48e63d
-
SSDEEP
24576:/yCgzLI9nIKfgBaskX7RPp0rsYHffqiUTLOxmDcdBRDyI:KCgzLIXoo1rL+/fVG6xJBo
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-