Extracted

Extracted

• • Target

    a6a442d129343d0703177aaad04d4224195bf333e1329f045818f1bc75a82bf3

  • Size

    661KB

  • MD5

    d00c248f2dd30b1d74b5316495bd0358

  • SHA1

    9e5ff629f77cd93b26dcc2241423f5243c3c08b1

  • SHA256

    a6a442d129343d0703177aaad04d4224195bf333e1329f045818f1bc75a82bf3

  • SHA512

    5f1f4eacdee6858b22780631d068f85104b96c5f762aeb529235aa1858306de4deb39c92e4008b7c11f0d19412e3c37a00b87429d87e06aaeb0d0142cfbd62e7

  • SSDEEP

    12288:FMrly90Ch22Iome5JCKz2wa0CdsJDp4klP2CWTdt4ZNfKDfEkIhnz78w:kydJmcQKz27dqDp4kxhWTscK5

  Score

  10^/10

  redlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1