General

  • Target: f328cbe2d41f86c76632eeb4516bb850d64714e3c38ef6dd5d6adbc049d9e97e
  • Size: 589KB
  • Sample: 230505-y9f4wafc4y
  • MD5: 79731f7e841cc4cd9e6b313a4a151033
  • SHA1: b16f9f42bda77abac8953d7abc6bcfd6c29d5811
  • SHA256: f328cbe2d41f86c76632eeb4516bb850d64714e3c38ef6dd5d6adbc049d9e97e
  • SHA512: 529df645348ef500d1a8579a0d938cb22776a1452491c852ac81e71b51f8468a8c337d0f376ffb43e4540a1bce7364097c57dde9b81948390704db3f84497d49
  • SSDEEP: 12288:IMr4y90E8VVhz0pRJD3mVlTfzFGZpkILe15EDEpqoRHpCyYkQj1k:Qyt89wrmbT5GZ1Le15EDEpbekQj1k

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
      • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks