General
-
Target
e45dcd515e3a33d5375b90f34fd1c5bec819ef40d8ae2279fb0bcd72016f877a
-
Size
1.2MB
-
Sample
230507-jqp54she9w
-
MD5
2e45340ded692c7a03233672ed4d3dea
-
SHA1
7d6066de4195f24231ec5eede72eb2d4c24e8352
-
SHA256
e45dcd515e3a33d5375b90f34fd1c5bec819ef40d8ae2279fb0bcd72016f877a
-
SHA512
b0e188e5ae0b717b2001e13733f34c1317dbe53a6eadaca2e17f892cebf65fcbad49ed26c6e6cea06f7adcedd11cce5c420ed5748e75100df33843dc0f861f1d
-
SSDEEP
24576:dyxCup9QbeRQ1mbayODcQ3503wW1s9y5pEcuik+T:4np9QbeSojODh41s9y/R/
Malware Config
Extracted
redline
lisa
185.161.248.73:4164
-
auth_value
c2dc311db9820012377b054447d37949
Targets
-
-
Target
e45dcd515e3a33d5375b90f34fd1c5bec819ef40d8ae2279fb0bcd72016f877a
-
Size
1.2MB
-
MD5
2e45340ded692c7a03233672ed4d3dea
-
SHA1
7d6066de4195f24231ec5eede72eb2d4c24e8352
-
SHA256
e45dcd515e3a33d5375b90f34fd1c5bec819ef40d8ae2279fb0bcd72016f877a
-
SHA512
b0e188e5ae0b717b2001e13733f34c1317dbe53a6eadaca2e17f892cebf65fcbad49ed26c6e6cea06f7adcedd11cce5c420ed5748e75100df33843dc0f861f1d
-
SSDEEP
24576:dyxCup9QbeRQ1mbayODcQ3503wW1s9y5pEcuik+T:4np9QbeSojODh41s9y/R/
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-