General
-
Target
e5bf3a8567e73fcb4b53140c0c04bfa3bbbc18e8045903701e9da29e1858785b
-
Size
851KB
-
Sample
230507-jsjq4sgc55
-
MD5
875e072932f0fecdf3d2bd28da5df115
-
SHA1
3aa1adbb0b20f91401c8dafea890f2bf5f82fd2e
-
SHA256
e5bf3a8567e73fcb4b53140c0c04bfa3bbbc18e8045903701e9da29e1858785b
-
SHA512
d9c260916cbce5f97b8717acb7cbe09db726377aeba1b13e55fc32211d10924acda5e04566f82a1e73d1b87ad5781aebc32a2485fc655e129c79a8f42151efe0
-
SSDEEP
12288:7y90y9hku3+iJWVToParWmPISvA3C/zsaX437KvOZuWc4vdGGPHKiTQh9QN7zy90:7ytZ3v4FrWFSo3tKdB49HtTLvuMWY
Static task
static1
Behavioral task
behavioral1
Sample
e5bf3a8567e73fcb4b53140c0c04bfa3bbbc18e8045903701e9da29e1858785b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e5bf3a8567e73fcb4b53140c0c04bfa3bbbc18e8045903701e9da29e1858785b.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
e5bf3a8567e73fcb4b53140c0c04bfa3bbbc18e8045903701e9da29e1858785b
-
Size
851KB
-
MD5
875e072932f0fecdf3d2bd28da5df115
-
SHA1
3aa1adbb0b20f91401c8dafea890f2bf5f82fd2e
-
SHA256
e5bf3a8567e73fcb4b53140c0c04bfa3bbbc18e8045903701e9da29e1858785b
-
SHA512
d9c260916cbce5f97b8717acb7cbe09db726377aeba1b13e55fc32211d10924acda5e04566f82a1e73d1b87ad5781aebc32a2485fc655e129c79a8f42151efe0
-
SSDEEP
12288:7y90y9hku3+iJWVToParWmPISvA3C/zsaX437KvOZuWc4vdGGPHKiTQh9QN7zy90:7ytZ3v4FrWFSo3tKdB49HtTLvuMWY
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-