Extracted

• • Target

    e9ae1505911e958aa07b13f7fe6a0b2f11c6175aa46a0881dd916e8cc6678545

  • Size

    855KB

  • MD5

    fa7297d8c1348401fb8fa8b4ecb9ce11

  • SHA1

    3428cbbc3f71ba77f1b9b1a58fe6e0cd8314c791

  • SHA256

    e9ae1505911e958aa07b13f7fe6a0b2f11c6175aa46a0881dd916e8cc6678545

  • SHA512

    0b383516b2605a2529a4264502844aaa35b897c50852a3305b1ba156818420e96f5a115e38ba077af22a05fc60f396956e8d781ef02e908fefd800d1712ee5ce

  • SSDEEP

    24576:byb4H46zl9/liYqJpzRmZkOUOPVZK8SiF+Q:Ob4jlfp+zQxUGVZei

  Score

  10^/10

  redlinedubkadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1