Extracted

• • Target

    00b41159381150a775171fc91690d9d33682d4ef60b16aff032fa6b2f049265d

  • Size

    680KB

  • MD5

    702ba22d1b34b849a1227e4b5d858b13

  • SHA1

    043001a06c75c7c5c0950f11f3c9eddbe1e65208

  • SHA256

    00b41159381150a775171fc91690d9d33682d4ef60b16aff032fa6b2f049265d

  • SHA512

    ba50b229634f1ddfb0ad604b11a39891e56abcb695568965752685013bab8f516efe2b5206bbd72aaa069ff45e73ec461fdfcbb512157a88c265ec90859cafbe

  • SSDEEP

    12288:mX7oJKZmgqrU61SF/LArdDoJPHtR53SuyNTOrCpJeyZX0hcIQv:iIKZvQFUFs5o9Hn53SusJVX8Qv

  Score

  10^/10

  redlinedowndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1