General
-
Target
fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f
-
Size
867KB
-
Sample
230507-kwrrkaee9z
-
MD5
ee59c065cf86b630c3d3ad919ab32b25
-
SHA1
9423c23e8c2af3d995dd9dd565fa74fe00c9df38
-
SHA256
fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f
-
SHA512
d8127dd43f2c61c927d731e7898a9b99844504146b3b598eba7dfbf793dbfd9a779d1da679dce038489dcf21d55d4dfe60753ad8d4d854d68dccbabbe6276a18
-
SSDEEP
12288:/y90iPQedDt4QB5kxhNrINnSpziYt52S6SyTSBP2LbJayCMVMiYkWFtaYChp:/yfpTMrIFYtk2yTSBPiVCmWFcY+p
Static task
static1
Behavioral task
behavioral1
Sample
fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
Targets
-
-
Target
fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f
-
Size
867KB
-
MD5
ee59c065cf86b630c3d3ad919ab32b25
-
SHA1
9423c23e8c2af3d995dd9dd565fa74fe00c9df38
-
SHA256
fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f
-
SHA512
d8127dd43f2c61c927d731e7898a9b99844504146b3b598eba7dfbf793dbfd9a779d1da679dce038489dcf21d55d4dfe60753ad8d4d854d68dccbabbe6276a18
-
SSDEEP
12288:/y90iPQedDt4QB5kxhNrINnSpziYt52S6SyTSBP2LbJayCMVMiYkWFtaYChp:/yfpTMrIFYtk2yTSBPiVCmWFcY+p
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-