General
-
Target
fbf84e2f571d3ecf6045c5a26b7f389c5f7550917d67713e87a988c6620e0304
-
Size
1.5MB
-
Sample
230507-krnjcacd44
-
MD5
1d61a947a737891a004722d51d3f7d33
-
SHA1
01a329701e87f13f0f2c4b3403a055cea5bd6eed
-
SHA256
fbf84e2f571d3ecf6045c5a26b7f389c5f7550917d67713e87a988c6620e0304
-
SHA512
06ef98fbb38c1ec2d51ad4dc589ec4e8cb08596ee87e58d3e7941e30313245dbb0ab78d0af590c9be0064231e25c64970b5f772cddf5cea9e6e60ad360198d10
-
SSDEEP
24576:6ydlA5ZLKaHx8PGcJqRILue5YFXg583FkZMRAeJ5K8N0MIWxJA6Il5F6HDbrAsLc:Bdm5Z+aHxGnJqOCeYXg6SKfK80Yi6WPS
Malware Config
Extracted
redline
most
185.161.248.73:4164
-
auth_value
7da4dfa153f2919e617aa016f7c36008
Targets
-
-
Target
fbf84e2f571d3ecf6045c5a26b7f389c5f7550917d67713e87a988c6620e0304
-
Size
1.5MB
-
MD5
1d61a947a737891a004722d51d3f7d33
-
SHA1
01a329701e87f13f0f2c4b3403a055cea5bd6eed
-
SHA256
fbf84e2f571d3ecf6045c5a26b7f389c5f7550917d67713e87a988c6620e0304
-
SHA512
06ef98fbb38c1ec2d51ad4dc589ec4e8cb08596ee87e58d3e7941e30313245dbb0ab78d0af590c9be0064231e25c64970b5f772cddf5cea9e6e60ad360198d10
-
SSDEEP
24576:6ydlA5ZLKaHx8PGcJqRILue5YFXg583FkZMRAeJ5K8N0MIWxJA6Il5F6HDbrAsLc:Bdm5Z+aHxGnJqOCeYXg6SKfK80Yi6WPS
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-