Extracted

• • Target

    01573e87970134c76f65bf70be728070d9d6ef75dd66d7a448ff5d6a2e7b87eb.bin

  • Size

    1.2MB

  • MD5

    dae68c45d503cc2828b3387d5f9fcb84

  • SHA1

    59f2b17be215230d8c3624b7fddb71627c95299d

  • SHA256

    01573e87970134c76f65bf70be728070d9d6ef75dd66d7a448ff5d6a2e7b87eb

  • SHA512

    1b0494ebe911a3ed2f406430f723b17c52193c4c2376ce12150b3ce4c336ce5ec7b1a59aaf8f223478b85e6419a179780bdd4088199f78d96bc258bfd64ebdf6

  • SSDEEP

    24576:xyvkEBMgF4sRJAP9Je5pjDtqRKvhkIUYKCQcrhTUALPrQm1HTt:kv/BMc49LgpHtguhkIUYKCQsL/H

  Score

  10^/10

  redlinerumfaevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2