redline

General

Target

19767b1dd4c1fb312a938d0b176453a54b423a1f901bc99e882b4bdb40eeb1b1
Size

599KB
Sample

230505-ws3kfaca88
MD5

fc595fc97d5e356e8e089529396364ad
SHA1

6467f91b6bfab28a037226730d29e09f3acc3656
SHA256

19767b1dd4c1fb312a938d0b176453a54b423a1f901bc99e882b4bdb40eeb1b1
SHA512

33956287241702c7b7b5ad05a39aa37c99f85c32aa5d45c165f194ea6de99d69a7e68e193fe58293f928326228d35ba849a635f43a64626f293dd51859aae516
SSDEEP

12288:wMrcy90taeprQoX1IKisgEzE20pJJH+Sm+UG73Iv2HXtRUb:8yiprQgaNEzCJQGLIv2Hcb

Score

10^/10

Malware Config

Targets

- Target
  
  19767b1dd4c1fb312a938d0b176453a54b423a1f901bc99e882b4bdb40eeb1b1
- Size
  
  599KB
- MD5
  
  fc595fc97d5e356e8e089529396364ad
- SHA1
  
  6467f91b6bfab28a037226730d29e09f3acc3656
- SHA256
  
  19767b1dd4c1fb312a938d0b176453a54b423a1f901bc99e882b4bdb40eeb1b1
- SHA512
  
  33956287241702c7b7b5ad05a39aa37c99f85c32aa5d45c165f194ea6de99d69a7e68e193fe58293f928326228d35ba849a635f43a64626f293dd51859aae516
- SSDEEP
  
  12288:wMrcy90taeprQoX1IKisgEzE20pJJH+Sm+UG73Iv2HXtRUb:8yiprQgaNEzCJQGLIv2Hcb
Score

10^/10

discovery evasion persistence spyware stealer trojan redline infostealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2