General
- Target: ff66f0bc2e3a02670bd7fb506b895346ce03f9b6b8c5241108716f61c5d919f9.bin
- Size: 1.5MB
- Sample: 230507-kyl9vseg6t
- MD5: 875f529eeed67404bd1a4f8736aca909
- SHA1: 6a3baed57a99493cf046699bb72a3f8e60aa01f5
- SHA256: ff66f0bc2e3a02670bd7fb506b895346ce03f9b6b8c5241108716f61c5d919f9
- SHA512: 78d44e269b8e85343fdac975acf88fb868d80d5a27279bb7bb370211ee20f83858d3ae37521540e571aec09cedc9a510d8341c4976af894739bd5806b464de80
- SSDEEP: 24576:2yJERywPexDLnRtyZI8zI6oSUPofGKjVdT1eZaV4Ubs3kHhYOyg:FgywPWLRt6tzI6hGKjvT1eZa7Q3Ax
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ff66f0bc2e3a02670bd7fb506b895346ce03f9b6b8c5241108716f61c5d919f9.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: ff66f0bc2e3a02670bd7fb506b895346ce03f9b6b8c5241108716f61c5d919f9.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- gena
- 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Extracted
- redline
- most
- 185.161.248.73:4164
- auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
- Target: ff66f0bc2e3a02670bd7fb506b895346ce03f9b6b8c5241108716f61c5d919f9.bin (size and hashes identical to the General section above)
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application