General
-
Target
fb40b111f9fd6b2b711468fc0648619c24cef3af770edf851dfb782ed135cbe9
-
Size
850KB
-
Sample
230507-kqjtrscc38
-
MD5
4b017bab91eb4336f08231251b0c6372
-
SHA1
1eb15f7e81faaa1403dfcdef4a0b5ace782b61f7
-
SHA256
fb40b111f9fd6b2b711468fc0648619c24cef3af770edf851dfb782ed135cbe9
-
SHA512
f7c87c4b111945e5683f8611abedfec69e11e9053cbc8cbce3ea8f2178a19efed1e28996ed2a4957d8dc3b44a50539f1d25193acd44ed10923640614e170d964
-
SSDEEP
24576:myoewHIr7Die3C4Wz0QFvjN4T7/xo22k/BjCs98GyRk78:1dZr7BS8Q9W75x2k/BesJyRo
Static task
static1
Behavioral task
behavioral1
Sample
fb40b111f9fd6b2b711468fc0648619c24cef3af770edf851dfb782ed135cbe9.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fb40b111f9fd6b2b711468fc0648619c24cef3af770edf851dfb782ed135cbe9.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
danko
185.161.248.73:4164
-
auth_value
784d42a6c1eb1a5060b8bcd3696f5f1e
Targets
-
-
Target
fb40b111f9fd6b2b711468fc0648619c24cef3af770edf851dfb782ed135cbe9
-
Size
850KB
-
MD5
4b017bab91eb4336f08231251b0c6372
-
SHA1
1eb15f7e81faaa1403dfcdef4a0b5ace782b61f7
-
SHA256
fb40b111f9fd6b2b711468fc0648619c24cef3af770edf851dfb782ed135cbe9
-
SHA512
f7c87c4b111945e5683f8611abedfec69e11e9053cbc8cbce3ea8f2178a19efed1e28996ed2a4957d8dc3b44a50539f1d25193acd44ed10923640614e170d964
-
SSDEEP
24576:myoewHIr7Die3C4Wz0QFvjN4T7/xo22k/BjCs98GyRk78:1dZr7BS8Q9W75x2k/BesJyRo
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-