Extracted

• • Target

    e4ce243eb2953a65951ed0b7ed82b41694c0241949713fa13e6ac3ca53e16d9d

  • Size

    550KB

  • MD5

    ad152a6adc190877042c67f89ec6542f

  • SHA1

    beb8876d3d3655fc45148d906acd568ef9ce4d8b

  • SHA256

    e4ce243eb2953a65951ed0b7ed82b41694c0241949713fa13e6ac3ca53e16d9d

  • SHA512

    d749b657930cf821a9dc3319a74b460e08d929f90ca15f44d4e8a6fb503c8c7fb7da21596a58a6479268d8925c2723b2be7cc0f4023d41bc53ebbb0fb30c8cb8

  • SSDEEP

    12288:lMrxy902ahimz7AuxqVAV0ifF9mp6zWK:4yrsVAuxYq9mpjK

  Score

  10^/10

  redlinefuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1