Extracted

• • Target

    f831d980af81c5d2a04319794c73bab19ea76eeeb2202a9c3e15eb4aa0c8a0b2.bin

  • Size

    892KB

  • MD5

    e2ae0107d138a18ee97a0674d1704539

  • SHA1

    b37606c722b71e74324b984f68e8a47b66fe738c

  • SHA256

    f831d980af81c5d2a04319794c73bab19ea76eeeb2202a9c3e15eb4aa0c8a0b2

  • SHA512

    cf05936b4b31245e80eae0d3b57fdbfb864da48d6e35a287c5f698f2e06b3ae53839cb01bcc8daa6ea285f3f8f988f3bade00b69a9ddb6a72fb5d99f00d68c5e

  • SSDEEP

    24576:YyWJB9cr4Owta/aRC8OFxFNpGKL3wUDyIxmpE:fWtA47t2/ZFTNUKEIyIg

  Score

  10^/10

  redlinedarkevasioninfostealerpersistencetrojanstealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2