Extracted

• • Target

    062182ded6524fbca137dde8873c6ffbc5961cd53316c5586183710e66e7b8ad

  • Size

    855KB

  • MD5

    618ae8ec7a260d71ecfcac72361a7e32

  • SHA1

    bfa3976852195d18bfbf0c049191bdb65990b7b8

  • SHA256

    062182ded6524fbca137dde8873c6ffbc5961cd53316c5586183710e66e7b8ad

  • SHA512

    65ef4191f53b7942797b525de0de1ec20d8b516a6d2f9379c5ec54344132c29b1def28e652269bee55fd94a5bd3a6d242cca5bf479b14202be4d3a061d7ba743

  • SSDEEP

    24576:kygwf1xPy8bH3nfgJa/Bj2AAFvRu83vDpNiD/X:zgoK8b3nFBj2AA/LpNW

  Score

  10^/10

  redlinedubkadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1