Extracted

Extracted

• • Target

    f1c3c05eac7f4a07cbac0afdae1f3312cb9b87cb72155e8e19a56cc54f370f3b.bin

  • Size

    1.5MB

  • MD5

    b2a7b7ad13804f86dbb613a9dd7c237c

  • SHA1

    561ddbd5442ec48196bc293908ebdd2c86dba3ab

  • SHA256

    f1c3c05eac7f4a07cbac0afdae1f3312cb9b87cb72155e8e19a56cc54f370f3b

  • SHA512

    2ae75b59a6b82bfb5b90c961b1e133cbf019a45b04c46e012105cd553a25c2db20bd65e67e39d2e71fdaa105783579252bd540915f9e16c2670afeea8a179267

  • SSDEEP

    24576:GyyGBXaclpsy51sx4jTnU7ULDmCEA0reCzTPIDOS2ZxSq/HWopKVRs7L+4eZwWJY:VXxpsI1bjDU7IK3hKCzTgD9u1/Np6a+l

  Score

  10^/10

  redlinegenamostdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2