Extracted

• • Target

    f540565e5f5354045f99e1560af41b9f2ac62772b40a21470d71e881b2e3343c.bin

  • Size

    1.5MB

  • MD5

    c1573a5596f670b880b30188a659a291

  • SHA1

    aff895f8fa6ac961c3a8189f54266911330e33ef

  • SHA256

    f540565e5f5354045f99e1560af41b9f2ac62772b40a21470d71e881b2e3343c

  • SHA512

    564e0d4d53b7c088b4153f3331240dde79d2cfddb52562ffb8f3d2469033d5abfc0f9b067d7f9b193fa386d6e77555073e3daf95ce8dfa47c5fa07bbda4a8d87

  • SSDEEP

    24576:PyPwLyjVk7UcPjFkuT8yRba3e/CfDASov1LAdrauI5UH1BYlg:aPwujVk7U0jFkuT8yrQDABv1L4Wi1q

  Score

  10^/10

  redlinemostinfostealerpersistencestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2