Extracted

Extracted

• • Target

    eb415f4964d349a58c0c5923fa294dd2c7c334b89f9a3d7a51ded78185d3120a.bin

  • Size

    1.7MB

  • MD5

    120d8b080b5a80335b72b138bd99bbcb

  • SHA1

    69a11d22775f3efe990fe1036c73fc1774455e72

  • SHA256

    eb415f4964d349a58c0c5923fa294dd2c7c334b89f9a3d7a51ded78185d3120a

  • SHA512

    a8bc4084ca7a92d60c9722eb9f0d375482c6ae0d9f39a0a6a672b3ab1e54439f699941c65690d8272b94bd7472fe3cc747269a6cd7a15cf3f4e2b5bacd5d6826

  • SSDEEP

    49152:px8Jw6eBQvYM3ta3zNRH4Zv1n8dkY4ODicUYkxyDD:kzvxta3z4ZfXfyDD

  Score

  10^/10

  redlinemostdiscoveryevasioninfostealerpersistencespywarestealertrojangena

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2