Extracted

Extracted

• • Target

    80c262074129702d0a79dabb55f2b5fb0e3d136cf41f6f1606b0aa75f6d8f63a

  • Size

    526KB

  • MD5

    9e2aa8178f6385bf53ceaf81b63849c0

  • SHA1

    74bd985a75135a31e658a663513cade951c1fff2

  • SHA256

    80c262074129702d0a79dabb55f2b5fb0e3d136cf41f6f1606b0aa75f6d8f63a

  • SHA512

    4a2017f65fca9366d807408be6b2b2a09a585b2a9f971039ad921fd0201ce3fe3a7cb6e4ab6c18894252a066b0161818b6ca6c6aadfc56bd826f39753306ce12

  • SSDEEP

    6144:KBy+bnr+lp0yN90QEUF2u0hL8qWzZZSrQsMIP5dM7Vtp5af45jRIwn6aCVPSnTzN:PMrVy90KcRhmlZEQsJ5S7VtjJ5/F2+

  Score

  10^/10

  redlinefabiofuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1