Extracted

Extracted

• • Target

    f3b7659fef559a95fdd3dd4ba73b47c85684723f1fb1595108ae6167e299d4c8

  • Size

    1.5MB

  • MD5

    5a8f1f9f4cb13486edf5a705b75a5a43

  • SHA1

    461f9228803a09d3c801d81e58bfe2730b2a59f8

  • SHA256

    f3b7659fef559a95fdd3dd4ba73b47c85684723f1fb1595108ae6167e299d4c8

  • SHA512

    90171479ce600f82ce973e0fb31378c82267d8c4b569c41cc4a1b0bb343f87ade38b5ee04c929fbdca538ca9ba0985f92fa7ce61323ac150d03a74503a853705

  • SSDEEP

    24576:syKZwbiFXP4Kj3VcTR0hBMAo70D8PPIT1L/NNbDU50nk1d6stbUbdT:bKZEiVgKj3VA6mADIPIx/Y0nk76wbUb

  Score

  10^/10

  redlineboommazdadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2