Extracted

Extracted

• • Target

    45bbed85ebbc60dd139f50d98d9f70be979069c5cc57ae060a599e23284b1f2d

  • Size

    1.5MB

  • MD5

    83f88944f53ffb95730512cc5807b178

  • SHA1

    c06b03f02a8827688ab4c0d568a8fa15a24ad456

  • SHA256

    45bbed85ebbc60dd139f50d98d9f70be979069c5cc57ae060a599e23284b1f2d

  • SHA512

    1c631d254cea6adb1f859df89e5334adc4563fc1ecdff84417884cc45bba5a6f9e13aacbae053ac6ca9c2a987d9cf948f1ec0ed73f14df4eae97a435fb79a6ba

  • SSDEEP

    24576:EyU0fZjCxu/Jrug01HTJ7QYDtRK7DPkbjfV0xO3Ov+LP2evzWavPGCEzJIL/D6B:TU7Y/01HNBKUfV0xAOv+b5x6Ir

  Score

  10^/10

  redlineboommaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2