Extracted

Extracted

• • Target

    cf6afc77dc84f56f6b2d75efb83037aaff1b44c5eb78ef4a933651f403393863

  • Size

    539KB

  • MD5

    15794ae7db858f8de17de5e679c0cd97

  • SHA1

    92a32ad2d5e83f8a49af67bbf6b58c3afc9fa511

  • SHA256

    cf6afc77dc84f56f6b2d75efb83037aaff1b44c5eb78ef4a933651f403393863

  • SHA512

    3ba519d0cf95b5773902b1731bfedbdf6be69e3026de03905716c7c56515a43e87b6ded98a5acd3e622cb67991f308fc4b85a0cd7a49749dfe8a8fde69617893

  • SSDEEP

    12288:hMrqy903It+k4nSXYOd/7s9UcKQCIdQS6o3I3xbz:vyzRJIOd6KAdiQI1

  Score

  10^/10

  redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1