Extracted

Extracted

• • Target

    73c6622b710c607a45e352437f13d5f987a5f9b820b7c2a62576322e830b6fa9

  • Size

    836KB

  • MD5

    6593791ee9705f91245d5defeac2cbd9

  • SHA1

    1b303819f6b3ced7b2038f8e9cd6e85140b82d80

  • SHA256

    73c6622b710c607a45e352437f13d5f987a5f9b820b7c2a62576322e830b6fa9

  • SHA512

    f797a23c473d3648e6d00a7f14ea85c2edc16277080816437415ab99a1cc1994978be822e0cdb92fa8c84ce63ce14e1dda3e6f3558a6efe66ece4a5319b6f000

  • SSDEEP

    12288:kMrcy90k93yYd/Jg5w8yveyX1MKTqRcLOuEZUmI/gmTZ+uaklLYXRou8USOMblor:wyB3yYVm5uX1M4ziuECD1lOMblcz

  Score

  10^/10

  redlinegenarelondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1