Extracted

• • Target

    99119b9edb2480144406d65c2e0034f36f8e7a157f8d0ec0996631d92b219c36

  • Size

    711KB

  • MD5

    dcd65a4a41fbd4b972b162a22bce5749

  • SHA1

    59ae59c03ce04badd5ad779a3f7c7f1182571003

  • SHA256

    99119b9edb2480144406d65c2e0034f36f8e7a157f8d0ec0996631d92b219c36

  • SHA512

    84b749219f78ca04d882c6dffca65285098ca81cc5e54e1491b96d0a2ec6f42f91144e03b3f23725f863ce590c62baddcb29bb414ceaf43d468fe92f81ba0c0e

  • SSDEEP

    12288:mMrPy90qrHWycTDpk0Non8PTiwlcTBQCp8+luz3AMgRlmeVvc2:JydbWd2so8+2IBQe8HjAPRoeVvc2

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2