Extracted

• • Target

    025b2053120d6931f561bacae0ac2a0326ad0ed5f05ae7fa27ce4840e90aa6d4.bin.bin

  • Size

    1.5MB

  • MD5

    9156b8249fd57e61aa2490d78cc2aff1

  • SHA1

    839602d5d88af79809f52c600400280fcc49f7e1

  • SHA256

    025b2053120d6931f561bacae0ac2a0326ad0ed5f05ae7fa27ce4840e90aa6d4

  • SHA512

    a58b65546cb454de0c5a1aa9383e6e9c706bee28e441995999638d2faa33fafcde70fe52428a2a7d72ad9b0b4e40b9e1e7f3e456ddd5eda789b041ceaa1465fd

  • SSDEEP

    24576:kyOnl2yFYKDokXGSy/7Gu3qWTdHqZEr9V3wzOECwM92Oxq+qds57BgCx:zUHFYJyGS8TdK4MyB1924gdA7

  Score

  10^/10

  redlinemostinfostealerpersistencestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2