Extracted

Extracted

• • Target

    cdec9f1a7abc975c31c1d4a9816081171a9f656c4219b219230151bfbe4b8724

  • Size

    680KB

  • MD5

    9de17731fd98869af05ddcebf5b4fad9

  • SHA1

    80c24c242497a5e210b20c9961837198af266829

  • SHA256

    cdec9f1a7abc975c31c1d4a9816081171a9f656c4219b219230151bfbe4b8724

  • SHA512

    d63c8203fe5188b9ddf576042f335e536e6faa7753804881ad45cf8e51736628cf2456cf209c6992a883f7c5f43beeda96e39910a5dba3a7b8406c615ec3ff89

  • SSDEEP

    12288:cmMzFXFWH+sb7gsOV4Fcie32MPCXBCL2y/EArnF7mUeqlBCKVO2Ri:Q2HD26KieG1Xs/E6F7mJqlBCKHI

  Score

  10^/10

  redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1