Extracted

• • Target

    cb1ae1b6ca29e4fc6238be16dc2adb5fa14a3f31847c169f0cbf1eb22ce3bbff

  • Size

    477KB

  • MD5

    8e0e5660a2122a364eeaa928660d3fd0

  • SHA1

    cb2d64801b3a6c100ce199c0c941b6c5f7c0859f

  • SHA256

    cb1ae1b6ca29e4fc6238be16dc2adb5fa14a3f31847c169f0cbf1eb22ce3bbff

  • SHA512

    823c8e94ce16f59986cfc2295cfd4d0da6dcbb4d865aaecc4c324c78bd3e70786b23dab4c3556323f742ac2561a76d0a33966f25a27d811893f475a1abc05dad

  • SSDEEP

    12288:/MrRy909GGvVlPdRSIFeU6GNfGra4w+ju:Sym9VthwU6G6wh

  Score

  10^/10

  redlinefusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1