Extracted

• • Target

    6f269cbc07c7163d9062ca323d29a34a19caa4aa10f22c1c060c17fcc397598b.bin

  • Size

    1.5MB

  • MD5

    7c9ff6551429caea1071413da00f84e5

  • SHA1

    84a79f73f9511f921ffc03276a6697693687afad

  • SHA256

    6f269cbc07c7163d9062ca323d29a34a19caa4aa10f22c1c060c17fcc397598b

  • SHA512

    b1e1c11c44d345792c5393215f877e6b187f83efaa36d4ef39c45e649c6376cdff7b0ac2c8ff2087e7b2b942c2df879ed6a03834191d00cd28332e1fdd55bce7

  • SSDEEP

    24576:GyUjIoRrIvsIseKb+0+yPxaWMC/JxzHhwOtYYDHBogqHcZMzmXcULStT/whQoY+f:VCBRrIvo4UIWM4lwOaYDHBXqHCRMULCz

  Score

  10^/10

  redlinemostinfostealerpersistencestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2