Extracted

• • Target

    9dd7ea17c0ca5edcb22654bfe7c78b2c04ab23b1f94aa1fa80e0ef01320fd9b2

  • Size

    470KB

  • MD5

    c06546df0e1e0e427f14a9620e78895f

  • SHA1

    56885880b2155bae2d2f4e207fcc07e46ddae47d

  • SHA256

    9dd7ea17c0ca5edcb22654bfe7c78b2c04ab23b1f94aa1fa80e0ef01320fd9b2

  • SHA512

    ea58699ccb827389943490c77ff24721cb3cd5fe23f6a217058ec1968b58ce19fc309d9b2037522773450766ed8eaa4f1ac650841d7b99e95a5f9efa3f46ad62

  • SSDEEP

    12288:LMrZy908fUEsueDW9wl5k3FgqiV9Zq1HD50LVsX:mybUd89mk3WqiVrqT0BsX

  Score

  10^/10

  redlinefukiadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1