Extracted

Extracted

• • Target

    afe908a9f41706479bd3497087ef6741a8cac055afed6112defd3cc60b8b1fbd

  • Size

    540KB

  • MD5

    e6c652d93bc65d21e0c6022aff1e9be1

  • SHA1

    b3cf2176c92c9ffcfe1abc3f5cfad1ece84f9102

  • SHA256

    afe908a9f41706479bd3497087ef6741a8cac055afed6112defd3cc60b8b1fbd

  • SHA512

    cc7ce3f5fd14d83dc49d66ed2e64df430e54eabb90c83cdba3e6805699fd34cd18b77abb5883793bd015b60b00d4a131152ac53c99a10790b6b28cb9fb6da4b1

  • SSDEEP

    12288:7Mr9y90CuFbIC/rv5GwTd9tz0UFB6ZD17GvqsTB9F/HeyOxz:ay3C/7fzi7D17aPHwxz

  Score

  10^/10

  redlinedownlowndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1