Extracted

• • Target

    0b7061c7cab3ef667f1c4272db8fb58faadb8c5ce3ef86959c52c9894c5cff5a

  • Size

    697KB

  • MD5

    9cb1faac8a77e6c92e4f085461d95e52

  • SHA1

    ae7683348183ecfb70a1be8489276ce10eca1305

  • SHA256

    0b7061c7cab3ef667f1c4272db8fb58faadb8c5ce3ef86959c52c9894c5cff5a

  • SHA512

    419707823ad1f52c2b066050cc69690725453ea3d0792808d39b130e6bda68f97971e2b802bd1ea9f81f4b501d9759acf09b4da66913e70c156c2512d48524f7

  • SSDEEP

    12288:uMrKy90QB+Vn9zRBtl9NOk0xbsu93MadyLiyISHnYpg6+jiPHoT3/daTEIBYB:Ey7IV9RBfOX02yISH0gDjiPHoT/gnBYB

  Score

  10^/10

  redlineruzhpeevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2