General
- Target: f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
- Size: 1.2MB
- Sample: 230507-kgavhabb25
- MD5: b2ef90e9c20df0c02c7026e4c7bcb923
- SHA1: 23b3d26267a98c6d56540d463e8d46f6cba1a326
- SHA256: f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
- SHA512: 0e528c77274613406cd34628f4b09c3dcfbf1ca2c203510ea2c1d6219e31bee2e39dbe03db9ca74612d0032e9f499c6f1115fb0f3dd3f118524757f87a662d12
- SSDEEP: 24576:nynQAnh/kVAMhhJ5kS0zp99asNBp/u3SrGFYblOyQBsWKwKaqe3uK:ynH/BMhVR0V9rNfuixEIJ6

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce.exe
  - Resource: win7-20230220-en
- Behavioral task: behavioral2
  - Sample: f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce.exe
  - Resource: win10v2004-20230220-en

Malware Config
Extracted
- Family: redline
- Botnet: lisa
- C2: 185.161.248.73:4164
- auth_value: c2dc311db9820012377b054447d37949

Targets
- Target: f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
  - Size: 1.2MB
  - MD5: b2ef90e9c20df0c02c7026e4c7bcb923
  - SHA1: 23b3d26267a98c6d56540d463e8d46f6cba1a326
  - SHA256: f4e8b0767d1e0cc08f08d6c453aa9dff516fa35d21a60a08978990565aa3dbce
  - SHA512: 0e528c77274613406cd34628f4b09c3dcfbf1ca2c203510ea2c1d6219e31bee2e39dbe03db9ca74612d0032e9f499c6f1115fb0f3dd3f118524757f87a662d12
  - SSDEEP: 24576:nynQAnh/kVAMhhJ5kS0zp99asNBp/u3SrGFYblOyQBsWKwKaqe3uK:ynH/BMhVR0V9rNfuixEIJ6

Signatures
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application