Extracted

• • Target

    b0d824c3f1469bfe7fb7d98a832956186d8c496d65026ed27ee7a114b064ff55

  • Size

    393KB

  • MD5

    7d48cff5946299717d1a04aedba3239c

  • SHA1

    18a8433db0e6ee1fb68daff2cf7ed4a601b960a7

  • SHA256

    b0d824c3f1469bfe7fb7d98a832956186d8c496d65026ed27ee7a114b064ff55

  • SHA512

    3c27f6c5c209476c7068261e56d99bb1935960e14167de973c3585537f7b7a886dcd3c8275868e67b1939d8b21bd526d0d4eb5dac6f1f89ab9af5b6fa1071cc8

  • SSDEEP

    6144:KIy+bnr+0p0yN90QEZuwQDQix1bE4t5B9uo2D8hiu6B4v6uO02i5V:sMrcy90TQUiTEa9uuV6BcSCV

  Score

  10^/10

  redlinemangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1