Extracted

• • Target

    e5c17ab89b7ab539dfa447f9195ff338b7dd51b1080074cce4cc982fdb594db3

  • Size

    587KB

  • MD5

    d6edd78d487269184e2b66c034e4308f

  • SHA1

    4fbb609eca5fa24b3b75556f68c7f187f9123c9a

  • SHA256

    e5c17ab89b7ab539dfa447f9195ff338b7dd51b1080074cce4cc982fdb594db3

  • SHA512

    573fa4f75d72118d48a931df2d8668ea08a1d6ec5707ef26a7fe4b38d74634675ed2badc33970681ebb67be45712e4c6f14f27fd7e7877f1e6d99a55c7085a78

  • SSDEEP

    12288:/Mrvy90KsSbSKcvfWXVoBlzkPtSY9wcfOWsh8c6eG7Y:MyGS/UmqBVkPtSYM3/lG7Y

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2