Extracted

• • Target

    15cea45abd041a66d4597c55c7ee49e540e15e632148623c76b77e0254a71a4c.bin

  • Size

    1.5MB

  • MD5

    00ae6dead07ceb07981ee20cc8bed234

  • SHA1

    4a004656df37e8f856664596717e961ab5c134be

  • SHA256

    15cea45abd041a66d4597c55c7ee49e540e15e632148623c76b77e0254a71a4c

  • SHA512

    cae633f7503bc632a64c4a7fa72fa2aa3ea30211e23bd0902b702b2abf227824b8d3c39e3e52d4d02ff2f165eeab2cb65ae43e1054b078fe7d971cfae9ca46ca

  • SSDEEP

    24576:My93nDmFoGY8b4IeqvZhxOnR/AlaNE3IUeSXm8n+Oiom9yoR+SUQP7:79wVY8bteEOn19NANeKjKom9y0+fE

  Score

  10^/10

  redlinemostinfostealerpersistencestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2