Extracted

Extracted

• • Target

    065d5203df32fc2bd66d5a588236dab3b2510d2de946f5929417f38bf4d4232b

  • Size

    551KB

  • MD5

    cc0e641299a09728db53acdc1dc78b8f

  • SHA1

    c3d4e2d25533ac0856af7668b471356f7c4ad70e

  • SHA256

    065d5203df32fc2bd66d5a588236dab3b2510d2de946f5929417f38bf4d4232b

  • SHA512

    13c61960b74f729628a09978905a92f4a0a098ac1030d3c0900415b41dcad86226b60d9f8efbb6a655dfc87058a4bbe24a51549cf9c3b367aa867332adf795bf

  • SSDEEP

    12288:QMrWy90VcCdVEQQL/eM8fITQccdcBds/+c0a+WG8:Wy2OQy/eXgTQccdsncem

  Score

  10^/10

  redlinedownlowndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1