Extracted

• • Target

    06686d082ee968ec1eb61a35e4ea6bd0a1677649afc4896bb05c35d44c28a828

  • Size

    923KB

  • MD5

    e1bbf84bca043cfb5f635688d3510e6e

  • SHA1

    df8343e15187721cc6e30289243a4f3ca957ce2b

  • SHA256

    06686d082ee968ec1eb61a35e4ea6bd0a1677649afc4896bb05c35d44c28a828

  • SHA512

    88adb2205dce95202fcdfb4f6c40abd8c909c2e6363a7205b6862270da356e06aac01a7cdd1fe6f471aec5dbf4ccd606102b10a40b38e7d38d45628d1b20200d

  • SSDEEP

    24576:AyS/I+ln8IbgUfrgJD2V11rkC188T4l3TYainP1SS:HPUnhLIujrTRT4ljenP

  Score

  10^/10

  redlinelupaevasioninfostealerpersistencetrojanstealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2