General
Target: de95ba87ea4249ee59628a0001e5feed707f6b09c30b3cf1078b8e3ab835f0e5
Size: 1.2MB
Sample: 230507-jf6ecagd9z
MD5: bcb0015297f95e1469fc5637cc08172b
SHA1: d9b3da2ca90f2c888ba2446a017f8faf175869b0
SHA256: de95ba87ea4249ee59628a0001e5feed707f6b09c30b3cf1078b8e3ab835f0e5
SHA512: 7e9427d68fe509ff94820843575be35a6bf3800d49a68f9aa94eee6bea41f07e93e780c67044f59f7dbb066563172b72f2ee63715ed3f7b5e3f238c8430f9c55
SSDEEP: 24576:Gyx7gJ+1JVoUxpHIadYLKK3j/mIXOXLcOQ3PJtAW17b7zuZPQQc+3pM2WNVekg4I:Vx7JVfxphGjerXLYV17bCPQdpNAzE
Static task: static1
Behavioral task: behavioral1
Sample: de95ba87ea4249ee59628a0001e5feed707f6b09c30b3cf1078b8e3ab835f0e5.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: de95ba87ea4249ee59628a0001e5feed707f6b09c30b3cf1078b8e3ab835f0e5.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
lisa
185.161.248.73:4164
auth_value: c2dc311db9820012377b054447d37949
Targets
Target: de95ba87ea4249ee59628a0001e5feed707f6b09c30b3cf1078b8e3ab835f0e5
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application