Extracted

Extracted

• • Target

    efaab20c4a528a691b35ad3f69e2ef3ebe715618bd6e35bcb1efdb08fbd25518

  • Size

    561KB

  • MD5

    9d69cb3e1c7b7176d46f203b0d19174f

  • SHA1

    9a336119a8b5fe3ad7cd1ad5e5db64cfe15e9adb

  • SHA256

    efaab20c4a528a691b35ad3f69e2ef3ebe715618bd6e35bcb1efdb08fbd25518

  • SHA512

    8c19067c74035538a435f3388a5445151f891e22b97536cf8eb42019ced759634c7e2b01d1a3be9f3d575132d540c9b97f8bdd9027bccdad49a675a5bbb939c9

  • SSDEEP

    12288:QMrQy90iI+VVd7RNFC58SmDcSfJKKi/dS6pk0Qot+V9GNMbrpF:QyH3VVzPC58SmQSAKq8A/NMbrT

  Score

  10^/10

  redlinefabiofuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1