Extracted

• • Target

    011643b1c54acf6b5d5a36f169427e1370454739feb6ad6fb48a1396790bf1bb.bin

  • Size

    981KB

  • MD5

    1b586fe9c664523feefcef9adca2187d

  • SHA1

    8e91d77ee96acae62daf5bef3c5e34af1518507b

  • SHA256

    011643b1c54acf6b5d5a36f169427e1370454739feb6ad6fb48a1396790bf1bb

  • SHA512

    7f9ec1131a836d3f34807cf48a7bdc01f16ec297cfc2a40c626c374452b26aaee761897e7b518fc0611aea90c7db6aebc31e92891fb34848012b4f2614acdbf9

  • SSDEEP

    24576:iyqZSnVwD/vW0xi02/hwPUB5Wnqc6+7dDjtrHPR:JtqLifw8B5Wnqc5NP

  Score

  10^/10

  redlinerostoevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2