Extracted

Extracted

• • Target

    6657a9a4896d461fdedff33d41d7c0c8f040cfd16d62d5f0378162989b3a373e

  • Size

    531KB

  • MD5

    a52e3ecc636304971a21eaafd389099e

  • SHA1

    27a42fd893906d79dbd8960f0ff2dc079780b6c9

  • SHA256

    6657a9a4896d461fdedff33d41d7c0c8f040cfd16d62d5f0378162989b3a373e

  • SHA512

    ece49322b8cb7a53fe0dedbbf843cb4e01a26ada60f00601bdea29c1d106c15906be8e5b7919a95aed9748ff1b14fcf503aaddaaee828299208733fc784fdefd

  • SSDEEP

    12288:gMr4y90a1Dbr9te7n9gu/DOzEgbFMnliNoooQ:IyNDb7juwByfi

  Score

  10^/10

  redlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1