Extracted

• • Target

    83d56b71685f475b3291c6fb0c36deb2fb2a26a126f3b01dcca904b476c77b46

  • Size

    535KB

  • MD5

    9525348a1ee81e4d16e1fb9da1e6f07c

  • SHA1

    5279659b0ddd0eb9aa6d119090766bf5c3313ede

  • SHA256

    83d56b71685f475b3291c6fb0c36deb2fb2a26a126f3b01dcca904b476c77b46

  • SHA512

    7d221c9a84a4df481fd72aae467e7f198e3fbd6048787786bfaca917753ae8f0e15926e7a5762011c0d70372d19d83f3f68041158d9e987d4fac5843c9ea6b90

  • SSDEEP

    12288:6Mr7y90xJVNaDGkI+ENF7pMwc60sQW33wrc:NySVNEI5pMBDe8c

  Score

  10^/10

  redlinedunmdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1