Extracted

• • Target

    4c0988399789206cf730c3a47b292c18c78df325a2c466960754bd2e3529609b

  • Size

    393KB

  • MD5

    b43dcf8dccf6a46dbc7194a5f28f7b97

  • SHA1

    f6ad2782b373a9bc583451904bff58b552af74c7

  • SHA256

    4c0988399789206cf730c3a47b292c18c78df325a2c466960754bd2e3529609b

  • SHA512

    f29d251d99f3c2583584a9369e3fc9d438bff1823567ab59717d3dc45dd33ec5333d97c417caa58e6776e0b70bc109aad51460b46cc08e8795ffad1b00f30f45

  • SSDEEP

    6144:Kxy+bnr+xp0yN90QEh7N9Je8brlCnfrPkEYhvakTIQ68FM2IMrBHdL:bMrxy90jNFVczPkxhv/IQ68FHL

  Score

  10^/10

  redlinemangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1