General
Target: ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91
Size: 1.5MB
Sample: 230507-kzl1gseh3t
MD5: 2f500d17337e9e612d6673e05ad272d6
SHA1: cecba24029cff3333bbfc6ee1dc2eff8deffa086
SHA256: ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91
SHA512: e3680ed43050fc2f3c7f228a10e64c633f16971b56d92e5f28ba2964845ec855a0032b36d90185f40707334d9eedf0e93061cc0f489d5fc03b5e1deb71f0859c
SSDEEP: 24576:hyFfCkL4o+fHTkGnYu7KNBvneXVjKgq8ozWIKcKXnI75gp2GW0wmqO8vulVFwDxP:U5Cftz9oBveljKgqZ/fdChW3yjFwVpdd
Static task: static1
Behavioral task: behavioral1
  Sample: ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
most
185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Score: 10/10
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application