Extracted

Extracted

• • Target

    546e22ce77083563891d1f9c420b89485e6c700972d0888cfca8195c58eb1971

  • Size

    538KB

  • MD5

    ce8d1452719ed4730ecfd27ca89de3aa

  • SHA1

    3d16d0922f9428aaa6e9e2f1031edea8d7b2f0be

  • SHA256

    546e22ce77083563891d1f9c420b89485e6c700972d0888cfca8195c58eb1971

  • SHA512

    e921a66b74f7d46af44a0df1bb9855eeda5381dfe909c4fce95c0d89b643b506f699be4ec3d1e6bd157a3a6717b7da3175315bfdf062d9a084016fecee835df6

  • SSDEEP

    12288:eMr8y90bz3MaLwKWxk5223YGxgI4+XaeLKXngrdzGWW1:GyEzcaqy5B3YGNqZ3gzGWW1

  Score

  10^/10

  redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1