Extracted

Extracted

• • Target

    79bbb9df46df5f79d4f79dc64dfd9b12f646fc6a5fd1120e077974b521c538f4

  • Size

    539KB

  • MD5

    08bcdf7a7620a8da5f8d319cdd0061b3

  • SHA1

    5bd151ff5cb42f38991d84b12349715167c53dd5

  • SHA256

    79bbb9df46df5f79d4f79dc64dfd9b12f646fc6a5fd1120e077974b521c538f4

  • SHA512

    08ec8dc2429784a9c2641f1af844a13c800af2cd45f5cc1d1781fbb77720234e4f7e608b82d35ba0aa98b2d9fa5d1b68622fee020ffa7056f1183915475f9f16

  • SSDEEP

    12288:wMrky90yX9RLRxkaJZINE4e9Ht0e6C1731lgo:EyxXTLRfJ2pe1d6C17Tgo

  Score

  10^/10

  redlinefukiarumadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1