Extracted

• • Target

    cc3bcb75347b783ea20b5c74dcab8ed166c49a8a0d67669a374acf1bf8a63c99

  • Size

    577KB

  • MD5

    6adcba229069fc5aa9cf189c33f75daf

  • SHA1

    cec9b7888142101202d8cfdc9ae63f431bd1eed2

  • SHA256

    cc3bcb75347b783ea20b5c74dcab8ed166c49a8a0d67669a374acf1bf8a63c99

  • SHA512

    219b59aacb0e33733e0c881c9d8e3b0dfa9f0c54bda8bd6a7276636cfe1d7f469d0ce2f6b64f6736e1b31087cb51970e20cb8b4269b96a0ec9aefd756f57e4dd

  • SSDEEP

    12288:0Mrsy90Wahimz7AuxqVLxFYn54YgCiA6QBoNrSfd:Iy/sVAuxYLIXgK6QBopSfd

  Score

  10^/10

  redlinemangodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1