Extracted

• • Target

    895fb6f69027d24e062dbeb0dad5fb5054aa31c0077e8545631ab644f5b86328

  • Size

    385KB

  • MD5

    f3e00b5b1a3d132527d5cf4790b3571a

  • SHA1

    0700b2798cef9c159e33677d819cf4175cdc3733

  • SHA256

    895fb6f69027d24e062dbeb0dad5fb5054aa31c0077e8545631ab644f5b86328

  • SHA512

    bcd2bf334c29b254a8906187186d22e562f5d74a0818984211e5a2b8ab6ffeda8722f4a38a27998d727c380f1e857aa45c10509311ae141ed15e517427cf3652

  • SSDEEP

    6144:KBy+bnr+Cp0yN90QEwC3NbeS17JpvGGqjbXIAjh6kyAuGy/qnZWPd:DMr2y90jNt17JpJqjbYC6oyC8Pd

  Score

  10^/10

  redlinemangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1