Extracted

Extracted

• • Target

    cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26

  • Size

    1.1MB

  • MD5

    7f6536e7456dbb3d0812893eb21efbb9

  • SHA1

    1b80b471cdab31a1ce5f5e0ae23606c86b14e3bf

  • SHA256

    cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26

  • SHA512

    a18d597e4779527269a8c6e08b5da1a9db91e42e31539c244d685e8ac1d2ef72d4f21cbd21b0498dad7e544486010f08d36a666be1e578a9ac7cb2fe6499189a

  • SSDEEP

    24576:Vysc8c91t0G0NcChw3o1OmUX5M+bWWxxharHfBFCiL9JxyyCXKcLaSALR:w112GMBi2UJzyGYrPCij4yC6ZSA

  Score

  10^/10

  redlinedurovrouchdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1