Extracted

Extracted

• • Target

    0602d22cb4ccd1390929535a9e1d45d9ec4232d445ec9f3902040f5496d2c6a4

  • Size

    687KB

  • MD5

    e2930c5678a88b2ca61f2dd4f0a4d8ac

  • SHA1

    c5687f6daa45e8450f4cafa966be3813f73cfbe7

  • SHA256

    0602d22cb4ccd1390929535a9e1d45d9ec4232d445ec9f3902040f5496d2c6a4

  • SHA512

    192166be7aa7f3a39655eb23289ce75a2042ee875538751ba1fd523c2463834e1197de6c64518e803976ff8ee2a737dc58562aa36c2123c973b27893b84c3cc3

  • SSDEEP

    12288:fMrcy90LIpVX5Ib1Th7ZBEoVd8BnuFrc+Z/VBAuX+lGlWTwz2:nyY8VXub1Th7HEoVknm37WuOlGlKwz2

  Score

  10^/10

  redlinefomichstekdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1