Extracted

Extracted

• • Target

    e124508da2d117d745da94e62fa20085d8ff153d33222a9bd2419cc1c995ed72

  • Size

    879KB

  • MD5

    b88f21c0567abcf46f6cf16db511f89d

  • SHA1

    ff28ba70a54b177721bae637a8ecf9527eed6bdb

  • SHA256

    e124508da2d117d745da94e62fa20085d8ff153d33222a9bd2419cc1c995ed72

  • SHA512

    2a974655e35fb727b693eff15fbf90160967f5a0838a81a7e2fcb476a684daf9ffe868c102e2770936f21e73a34cb55b10ef9ea268ce48d4bfb8a186ca12a9aa

  • SSDEEP

    12288:AMrJy90P5/BXYBx9z1JAN97r8+SPDFph2Nojmi4tU/Us2A6F0OJ8ghgwof5uNLF:ZyaLXqzU38Lxph2Not4Aw0O3ha5ur

  Score

  10^/10

  redlinemangositodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1