Extracted

Extracted

• • Target

    39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103

  • Size

    560KB

  • MD5

    c157049b914f3024400917c2c1897836

  • SHA1

    fd4653c6777e729cf4f2393a3565643fb4340e09

  • SHA256

    39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103

  • SHA512

    1b90e3d6eff07d2e4e6cc0659095f447741c6d4b0e75ab24bb91c957e8b1e9931f4b2dc2968309b0ee6a5fdeb141f9c883ada06fd229e9b6f5eb506f780d0cbc

  • SSDEEP

    12288:xMrqy90stAM3tKcg8LQsLcBC8hXRP8FIBkiT:LyB3tAyZo7hXiIyiT

  Score

  10^/10

  redlinefabiofuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1