Extracted

• • Target

    9b23afb0366b7438c5179dbbe679c95959ccad51d2e469699ef47379bc5221b0

  • Size

    499KB

  • MD5

    474bb59c2e0fd4304a48dbaf46fbccc6

  • SHA1

    31760d6126e93995c513281f6a4c9e6fcebda08b

  • SHA256

    9b23afb0366b7438c5179dbbe679c95959ccad51d2e469699ef47379bc5221b0

  • SHA512

    1bd1b45b3371e399ad214ea233b16a5a939f402a91906db08070d8e8aa60470332e97b99d6c3ee8729b71a84f0065c278416b03c0a33f4103f0bd6acc0f58d16

  • SSDEEP

    6144:KPy+bnr+3p0yN90QEO20+ZGcGtuZnSSoTkeuYFBITaHOXHH6zhv2VSvYxvgrIJxh:tMr3y906+ZecSXwaUahrvS3JxjgoEu/

  Score

  10^/10

  redlinefukiadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1