Extracted

Extracted

• • Target

    94eb67a4dfb3781055f7797678445bd289bd4acca0e7d1a5c7c75542dbdd2eb6

  • Size

    551KB

  • MD5

    d838110cb773123478decc152355eb11

  • SHA1

    2bdf7c29aa54c0b506992dd301086b0dfd4193bf

  • SHA256

    94eb67a4dfb3781055f7797678445bd289bd4acca0e7d1a5c7c75542dbdd2eb6

  • SHA512

    271b620de0752f403f901e91d82d7496a5314a15429e0d4069d11ff05808b2e8baccf8e7f1393d50b8a4d21cff66397db872c5f54dfa78a4af135f87c77b6216

  • SSDEEP

    12288:oMriy90zZsXDVXsbkq/3iLkyit+nlt0o:KyAZuVakqFyiEnj0o

  Score

  10^/10

  redlinefusanocryptdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1