General
Target: file.exe.bin
Size: 1.5MB
Sample: 230507-kz9rjseh6x
MD5: 5117ac078ba7d5fd6dbd301035ee255b
SHA1: abee6080b0c799bb5bbccd915b2e481cf9e88f97
SHA256: feae71ea6711a1748d1ee409a5553f223c6cc942705bae83f47e8e8a17ff3c74
SHA512: 4b2b143f5c50a55229e652c8fc05da1d1894c2e401982719c19058ae925ec445c42495d6f1635192a223e461672017e3c9321cac7f9e39fac520920b5b984a0b
SSDEEP: 24576:YyWnk6gtS7cdi0XmnijitlsELytJj6jNXtBmeZkinI6s3kHdzueP:fWk6gtSsi0SiWt+YytJW9tBmeZktd3An
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20230221-en)
Malware Config
Extracted (redline, gena): 185.161.248.73:4164; auth_value: d05bf43eef533e262271449829751d07
Extracted (redline, most): 185.161.248.73:4164; auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application