Extracted

• • Target

    b6c219dc8e3d4458cfe6c053cd472d921253ea153bcfa764db681634eab6dae0

  • Size

    1.2MB

  • MD5

    4accc8ae9346fcf9f944afc4da7527ac

  • SHA1

    10776261a62bc832c89a2a635854b38770d1794f

  • SHA256

    b6c219dc8e3d4458cfe6c053cd472d921253ea153bcfa764db681634eab6dae0

  • SHA512

    509cafdff9823600eea7d14bc3aea6fb44e56cad648ce67f3dc1150807ab0ec579180ce441c76199262816f924c53166f842fa07a7f99da0605eea32bba0af5c

  • SSDEEP

    24576:kyNQbL6b3QeLiNopK2WFxFHsWt2sofovNoaKvrR:zNU6bZLi+pK7rFnttx1oaKvr

  Score

  10^/10

  redlineluserevasioninfostealerpersistencetrojanstealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2