Extracted

• • Target

    f489d6b09bf9ca5780d56dd0fefd81bcbf21f42cadd424f0795c1ad236e133c3

  • Size

    513KB

  • MD5

    81d4e597c2cc1499595e038f140f9a3c

  • SHA1

    fbdd4b03c3f0f6c17d4476c4b711adcbbf6876ec

  • SHA256

    f489d6b09bf9ca5780d56dd0fefd81bcbf21f42cadd424f0795c1ad236e133c3

  • SHA512

    93752c82559223ad350b91dbc0aa3731e7c01acf83675299a0516aa4533f0a60d2b3d2daa3c9e3e6a1c6fccb59cd7d57a4ab0a52e9598f3751abfd7bde9d1860

  • SSDEEP

    12288:VMr4y90+7sVOGV6813hDl0Y931qSXcjpqDarCXanOG0ynY:dyZQO8hDl0u3cSsjcBXJG0yY

  Score

  10^/10

  redlinerostodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1