Extracted

Extracted

• • Target

    01a8302753ab575cf474704252f74a1e52578e512032a05f103b7bb3eb303613

  • Size

    536KB

  • MD5

    0511ca3b9436d3e8f403fd8a3b457552

  • SHA1

    337abd2cbdb623cee6be2557460e02c7aa2bd449

  • SHA256

    01a8302753ab575cf474704252f74a1e52578e512032a05f103b7bb3eb303613

  • SHA512

    4769749b8538cc174ef386054894bd37f90d525555d2aec19bd2b966c5f7c20aefec68e88bc9d0ed7a07724ef6a077cd9fe611d57fc31eecf8f5d63974853166

  • SSDEEP

    12288:ZMrEy90mzcAZ+N4r2i3h1Y5L3C1ol5CDFU:FyrwAsN6d1Y5L3m45AFU

  Score

  10^/10

  redlinedownpolodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1