Extracted

Extracted

• • Target

    69251087e7ae9058555a5192e007bafb6f4ae9a063c3a2f369616eec2e2f7fc6

  • Size

    718KB

  • MD5

    6e9c206e5b21672cd61f18f8873d5649

  • SHA1

    891b505f1524498d450c221ea6696715ae3eb97e

  • SHA256

    69251087e7ae9058555a5192e007bafb6f4ae9a063c3a2f369616eec2e2f7fc6

  • SHA512

    2008086300a90663823ef7a001757587867afa279a12c5798a7a31f8727d554973615efdf7abf171fd5af998362514c69f8c98e87e5078d75af7e0c720b7e39d

  • SSDEEP

    12288:lMrQy90LxdkVzKZzRd7daa6zMbH4J+69bQKPNQUG9KNPRcO+A:ByOxxzR9dHHL3KPNQn9KNZp+A

  Score

  10^/10

  redlinefudmishadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1