Extracted

• • Target

    023ca879629217f9a2f2fa55a500c4cf28ae1220f1d9a8888ee2008a21a246a1.bin

  • Size

    1.5MB

  • MD5

    fa307004acd55f80b674418692bfc4bc

  • SHA1

    b10f65d2258af45ccc64c14fb77e1f06d8bb4890

  • SHA256

    023ca879629217f9a2f2fa55a500c4cf28ae1220f1d9a8888ee2008a21a246a1

  • SHA512

    0a333e527fe139fac5660454a8434a9123577967693ac74af74e56162db7cd681ea90fbd45155f1d8f0b3df4586d7cc7ed9ea4013543339aca7a7f8876ab4ac8

  • SSDEEP

    24576:lyRk+NTydkKD8YqS9Tz8UnYvRD0Ft56OJWevOT8bvFFpqahT3bS8uBvY0hCO7GWC:ANTydnl9MaYvRDY56zevh/YcxuBASCOG

  Score

  10^/10

  redlinemostinfostealerpersistencestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2