Extracted

• • Target

    da72f2cb6f684fb1e0b20d1f48fa218eed5742f3288a4cda9b45ef4dc0503ceb.bin

  • Size

    1.5MB

  • MD5

    e151f1b1bcf6a54cce98e1ddc76a2bfe

  • SHA1

    1975670e187659e6b145f5fd02271d6778131b8c

  • SHA256

    da72f2cb6f684fb1e0b20d1f48fa218eed5742f3288a4cda9b45ef4dc0503ceb

  • SHA512

    7b08d520483e6595c5a7a142e9d93f0736a50472c62dc766823f20dc8c83d30d3809f07587fe34df85dbadbaeb514e4edf6c8cc5eac75a40784f59662cf26d0d

  • SSDEEP

    24576:xyUA3zBAhj3Z8cn5RvogpsAwVmJXG0sj0gmRz4CJTAIj0aP2uq5Y:kUADBAhN8c5lobAwVm5W9CJ340

  Score

  10^/10

  redlinemostdiscoveryinfostealerpersistencespywarestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2