Extracted

• • Target

    a603ee65835fb3c508fbd6294d100c26d5c45385b3bc3939996b3680e4b38cf1

  • Size

    854KB

  • MD5

    438773c41e73a2113e689190b39a6a4b

  • SHA1

    f436d0b94ee34f0291992dbe2a19991997ad3675

  • SHA256

    a603ee65835fb3c508fbd6294d100c26d5c45385b3bc3939996b3680e4b38cf1

  • SHA512

    d940d443483bc8ff07f5a5a11f0603dc6fab327401fa458aad0b8401262bd2ad6f6962277cde803af74677660bdf30fdbc2ed4aaf96e1d58d110b83db2ab45db

  • SSDEEP

    24576:0ypAXTkCJgRvsc/6cnS8mOqUQIp0aDBL6sS/:DpAXTkCO9scL7qZu0mLH

  Score

  10^/10

  redlinedubkadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1