Extracted

• • Target

    01eae19d64531276c16a4bef3036db2df84446a367b01e01450a4285ff308486

  • Size

    478KB

  • MD5

    7597fa301e64362e72bee1db2191bf4f

  • SHA1

    c94b56e9148df7a435ccf1f64fa15867df575d16

  • SHA256

    01eae19d64531276c16a4bef3036db2df84446a367b01e01450a4285ff308486

  • SHA512

    d9d3e417d6c9317666161f720c10e9def0b871c8a5e53741b83cdbb68c5198c57e632fcbebd6c5b4c439413d3ed1e0b0388c27b4b445aa605a408881bce65884

  • SSDEEP

    12288:GMrGy90SrXmqVyPxC5MkOhiyGUqt6RpqnZp0:0yZRVcxC2dGUqaoZm

  Score

  10^/10

  redlinefukiadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1