General
Target: fdf77304628c3ff6a6ac0f12a9b4fe6a6474f7ccc27f7fd6ba6f79e26d393e2e.bin
Size: 1.5MB
Sample: 230507-kv337see4z
MD5: 8d302feb76da1f5008a155fb5b49687b
SHA1: 8398d068d5305f8a1b8eab5197691f19529386c5
SHA256: fdf77304628c3ff6a6ac0f12a9b4fe6a6474f7ccc27f7fd6ba6f79e26d393e2e
SHA512: 5d85be7a5a4e45857b7654bff17a1e7e732b27cf12a27c82500d97ed359b0b186c37f79434d9726610873e1bd0b0b69d1c279227d7e37bde627b1ab49c5b8407
SSDEEP: 24576:8yecX29EPYNZT2wbLzY49Xp5FFWnMFy121B8TTuBTRi1O/HkL/zPkcHhqlJ/cm36:recXkEU92QzYYZ5FFWME12H8fuB9i1OD
Static task: static1
Behavioral task: behavioral1
  Sample: fdf77304628c3ff6a6ac0f12a9b4fe6a6474f7ccc27f7fd6ba6f79e26d393e2e.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: fdf77304628c3ff6a6ac0f12a9b4fe6a6474f7ccc27f7fd6ba6f79e26d393e2e.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: fdf77304628c3ff6a6ac0f12a9b4fe6a6474f7ccc27f7fd6ba6f79e26d393e2e.bin (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application