Extracted

Extracted

• • Target

    72f340a036eb778b8e1e147d149b2877dcc15a6dbab538c12699437ecad4f2f9

  • Size

    561KB

  • MD5

    a914ba69b31d026f95b8bbc7979e9192

  • SHA1

    b15ffd47edd1ab0a50f7864f59ce39d0f7b5cf1a

  • SHA256

    72f340a036eb778b8e1e147d149b2877dcc15a6dbab538c12699437ecad4f2f9

  • SHA512

    e81c2cf37bbf9b6dee0c872f4aa0a85fdcd03071175554e983c59fd92176ffbf9ac67d3f5dcb9d440068895fd46256c09538ec939363736d189eaa66e22818ca

  • SSDEEP

    12288:sMr6y90yrie/ODYUlKxaPLLwRrxI0Vb+Udf:Wy1rRrUcaPwFu0iUdf

  Score

  10^/10

  redlinefabiofuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1