Extracted

• • Target

    7e848a1b54a2ac5f7c6573675c164825dac7f3dc7ae68d86d2dda7202bcb952a

  • Size

    821KB

  • MD5

    998e3904f1cd828b6c6a9e27eb05734d

  • SHA1

    92c1ae4eb859a8a4bea4e407ef853d6a38002898

  • SHA256

    7e848a1b54a2ac5f7c6573675c164825dac7f3dc7ae68d86d2dda7202bcb952a

  • SHA512

    fb0e64bffa1422983906f80ddb64dea26ee232d67ccd020ec82f3ccf4faafec221807a4d5c9a741a78caaeb90733dc16b5218945a573cc6430c82a6ac5753f0f

  • SSDEEP

    24576:oy9smVHzNKKskD6X6cUpIJ0h5BtWowZGm:v9smtd9D6X6qJ0hUowZ

  Score

  10^/10

  redlinedubkadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1