Extracted

• • Target

    14969063386dc9eed900be8011764e58f36e202ba449fe87d9b4566130f5effd

  • Size

    924KB

  • MD5

    26fa3d0e82dbffbb712de16541de61ef

  • SHA1

    fe7bc62e8c765d6db643be6743369c022580fa94

  • SHA256

    14969063386dc9eed900be8011764e58f36e202ba449fe87d9b4566130f5effd

  • SHA512

    79405a695f49f95b97bdd2cd9709c3adaebd83668e8b000457178fafa7aebcfb3cf8492c9e1b4a04ab0be53f5917c77315f8005d7b095ace1a82d6861aa52524

  • SSDEEP

    24576:9yLBKE0VkzTLo7qfax9wniaMbJA1ofxP3SDQ:Y8VYTE7qSxeiaMbJvfxP3SD

  Score

  10^/10

  redlinelupaevasioninfostealerpersistencetrojanstealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2