Extracted

Extracted

• • Target

    0c51986871cb929c9ef70a9e256e1aae9b4780d02f21137f66328f6e95c00bb8

  • Size

    660KB

  • MD5

    901128f9585875d07347509d42ae1456

  • SHA1

    259d29809ec76fe7928e373640be95db63e6b4f7

  • SHA256

    0c51986871cb929c9ef70a9e256e1aae9b4780d02f21137f66328f6e95c00bb8

  • SHA512

    8582d52688a14ddf094f8bd9f4ce108640498071f285f641dc1453e44aca768d8a41fdfc1b62c50b6b0540aec96f8b24fba688c9d05b2649a7cb82b10c9d7f83

  • SSDEEP

    12288:EMrCy90o6eCtmAMNcXu+0QeNDPhJvvGB0v1bYgQm1K:WypnCZu+0QeZPnYY1K

  Score

  10^/10

  redlinefoksarostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1