Extracted

Extracted

• • Target

    cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230

  • Size

    864KB

  • MD5

    29381b7ef0d8518e3a53c0f78ef14cbe

  • SHA1

    3e3dbcd31af5c332e570e7fb4533910ff05ffed7

  • SHA256

    cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230

  • SHA512

    7b649ef8ca7ce7255b2a90372e3bb89ce144c9e2ed2d6b0281d41fe49833165abd625d3ac49739dbc6b1e59929ad255dfec30fa59e738278334d31245669d8a8

  • SSDEEP

    12288:XMrsy90d8g1x8nHBAfh1OzZfV4ZwLqp74DiNZBqileuoz4Wo5iTGLNNfz:Dykp1x0HqLaneTN4DviZoz4vkI3

  Score

  10^/10

  redlinemangositodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1