General
- Target: def1e2528d6d17908ac418a92b0f332451035f0038940642ec5914ff2b023330
- Size: 1.2MB
- Sample: 230507-jgmzdsge7s
- MD5: 04fedec51cdac569932240311bcaf79d
- SHA1: 63d041e32b921d245c4c0ee8ef3d19a8f14ef39b
- SHA256: def1e2528d6d17908ac418a92b0f332451035f0038940642ec5914ff2b023330
- SHA512: 4bfa88ccdb2e12034b99b9e4893c0140d379209918c48598fa437b8173e4e9d269bfeb65fe9c7a449f346fdc844331a54edeeb4c5ad90e816119780c8f7f9a6c
- SSDEEP: 24576:6y4nJZEnjh3Xeeiw9PK/IPTZoRNhQ3rmhRW11W1eJEr5wNo8XjbzXc:BiJyjIenCA8ET11W065ufzX
Static task: static1
Behavioral task: behavioral1
- Sample: def1e2528d6d17908ac418a92b0f332451035f0038940642ec5914ff2b023330.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: def1e2528d6d17908ac418a92b0f332451035f0038940642ec5914ff2b023330.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- lisa
- 185.161.248.73:4164
- auth_value: c2dc311db9820012377b054447d37949
Targets
- Target: def1e2528d6d17908ac418a92b0f332451035f0038940642ec5914ff2b023330
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application