Extracted

Extracted

• • Target

    103d55a6f9258f8e5cba7241af3cbdf39255c36aadfc5107ef01d0562d86464d

  • Size

    544KB

  • MD5

    f7aff7bd77f9373b6a3871c708f92fad

  • SHA1

    82a53fd3f738fda078755607f27a3c9b9ce497fe

  • SHA256

    103d55a6f9258f8e5cba7241af3cbdf39255c36aadfc5107ef01d0562d86464d

  • SHA512

    76e04c8896ce9dca2fce4441eb5efb3ed07a5f393d69aedd46121fb63a83a3b4a630c47b8c745d17ec8f18be85c3ee1913b9d6df6e7de04505908f38f85a8ba0

  • SSDEEP

    12288:OMrwy90SLrUAxKD1/t86L9Rfe0OLaYqgUQMLJwlDTLfRzqL0ImsrR:Cyr33iFzL94BhMdyJTHsrR

  Score

  10^/10

  redlinedownrealdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1