Extracted

Extracted

• • Target

    c9a275fb0b505de9b4f071aafcc51d9d.exe

  • Size

    537KB

  • MD5

    c9a275fb0b505de9b4f071aafcc51d9d

  • SHA1

    bf6a4d7a0a33d952874e31b2c6ebe720cdff52dc

  • SHA256

    538d62f313723ed18a1bfb1de13e8ec1e5125c5f07158ce0db4361c2591b46aa

  • SHA512

    666f85489328ac9353c57e0dbfb96dd874b33227bc3822fb70eb275282cc76ea03afd5555e2573925aff3da2d33269bd92097b25bb104d05cd2cab10a3a14205

  • SSDEEP

    12288:qMrYy908O6crLJ9i6rGlsbB4/oqD7t/7Mgm:2ybO6ci6osqlDe

  Score

  10^/10

  redlinedownsintdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2