General

Target: feb84e247fa3deaf7f9af2f236f7ef78989413ce696b1a7f3cdad73157def0f1.bin
Size: 1.5MB
Sample: 230507-kxlxpsch36
MD5: 39f25229cbb0b657e5bc216fd971ef78
SHA1: 34b7b8e3b3d19f978f6791ae105d84207a75e56a
SHA256: feb84e247fa3deaf7f9af2f236f7ef78989413ce696b1a7f3cdad73157def0f1
SHA512: c8e6e044b87a9a1d43a773d9aafedd4fbe3358405711566352def7390233ee2a94361a278596b1e4e10498534b651cb25333c197e8b3d50e6331c9d57e9497b9
SSDEEP: 24576:QyidtR6Tw0P7rl8R6Iot6tPOrfjt12aBSVjbcec95S8/ef35Qv44qmnwMfL116qR:Xi3R6tP7m1WmPkf2aBSVjboXWfPmwMf5
Static task: static1

Behavioral task: behavioral1
  Sample: feb84e247fa3deaf7f9af2f236f7ef78989413ce696b1a7f3cdad73157def0f1.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: feb84e247fa3deaf7f9af2f236f7ef78989413ce696b1a7f3cdad73157def0f1.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
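The file hashes in the General section and the C2 endpoint in the extracted config are the indicators a responder actually pivots on. The script below is an added example (it is not part of the Triage report and not code from Triage or RedLine) that computes the four digests of a local file and compares them with the values above, and scans connection-log lines for the C2 host. The key=value firewall-log format and the log lines themselves are constructed for the example; the digest and regex logic is ordinary stdlib code.

```python
"""IOC checker for the RedLine sample described on this page.

Added example, not Triage's or RedLine's code. Assumptions: the report's
hashes and C2 are copied in as constants, and the connection log is a
constructed key=value format (src=IP:port dst=IP:port).
"""
import hashlib
import re
import sys

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "39f25229cbb0b657e5bc216fd971ef78",
    "sha1": "34b7b8e3b3d19f978f6791ae105d84207a75e56a",
    "sha256": "feb84e247fa3deaf7f9af2f236f7ef78989413ce696b1a7f3cdad73157def0f1",
    "sha512": ("c8e6e044b87a9a1d43a773d9aafedd4fbe3358405711566352def7390233ee2a"
               "94361a278596b1e4e10498534b651cb25333c197e8b3d50e6331c9d57e9497b9"),
}
C2_HOST = "185.161.248.73"
C2_PORT = 4164


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests as digest_bytes, streamed so a large sample is not read at once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value."""
    return [name for name, value in digests.items()
            if IOC_HASHES.get(name) == value.lower()]


# Constructed firewall-style log lines for the example; not real traffic.
SAMPLE_LOG = """\
2023-05-07T12:01:03Z src=10.0.0.15:49812 dst=185.161.248.73:4164 proto=tcp action=allow
2023-05-07T12:01:05Z src=10.0.0.15:49813 dst=93.184.216.34:443 proto=tcp action=allow
2023-05-07T12:02:11Z src=10.0.0.22:51000 dst=185.161.248.73:443 proto=tcp action=allow
2023-05-07T12:03:44Z src=10.0.0.22:51001 dst=185.161.248.73:4164 proto=tcp action=deny
"""

SRC_RE = re.compile(r"\bsrc=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\b")
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def scan_connections(log_text: str) -> list:
    """Return (line_no, src_ip, verdict) for every line that reaches the C2 host.

    verdict is "c2" for an exact host:port match and "host-only" when only the
    IP matches; the latter is still worth a look because operators rotate
    ports. A denied connection is reported too: the attempt itself shows the
    source host is trying to talk to the C2.
    """
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        dst = DST_RE.search(line)
        if not dst or dst.group("ip") != C2_HOST:
            continue
        src = SRC_RE.search(line)
        src_ip = src.group("ip") if src else "?"
        verdict = "c2" if int(dst.group("port")) == C2_PORT else "host-only"
        hits.append((n, src_ip, verdict))
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py <file-to-hash> [connection-log]
    if len(sys.argv) > 1:
        matched = matching_hashes(digest_file(sys.argv[1]))
        print(f"{sys.argv[1]}: matches report on {matched or 'no'} hash(es)")
    log = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_LOG
    for line_no, src_ip, verdict in scan_connections(log):
        print(f"line {line_no}: {src_ip} -> {C2_HOST} [{verdict}]")
```

An exact digest match only catches this one build; for near-duplicates the SSDEEP value in the report is the indicator to compare with, which needs the ssdeep library rather than the stdlib and is left out here.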
Targets

Target: feb84e247fa3deaf7f9af2f236f7ef78989413ce696b1a7f3cdad73157def0f1.bin (size and hashes as listed under General)
Score: 10/10

Signatures triggered:
Detects Redline Stealer samples: this rule detects the presence of RedLine Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application