Extracted

Extracted

• • Target

    cff360fc0a5908cc508875471510cb79058b70d5808f6ed59c5d4a249ca0bcca

  • Size

    864KB

  • MD5

    f107e6173283dfb0c17fb9f820d4d0d7

  • SHA1

    c131839100aba65261dbbb646f1c21894a00a74f

  • SHA256

    cff360fc0a5908cc508875471510cb79058b70d5808f6ed59c5d4a249ca0bcca

  • SHA512

    67a332464adbbc2a42011bc61c015bbdd0bffce8570d4334bce7691df6968a43ec8928be83ce3b7c79228a6371db17b71bab3f37275d8d4be0e4c53639afc7ef

  • SSDEEP

    24576:6yN9QEmlnmzzM6mYD3DJVQIlnFkN/taXBpo:BN9QEmRa9z7QIlmZ0R

  Score

  10^/10

  redlinemangositodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1