Extracted

Extracted

• • Target

    bdb83c584f6d17189f982ed98b5bf9e4c721ddb5395f2d9d5b801e9cc45f9fc7

  • Size

    680KB

  • MD5

    465783627b6bdd0fab10188f61947f88

  • SHA1

    08fb6c04b0d9e4d0e3188e614c453830bf7c8a99

  • SHA256

    bdb83c584f6d17189f982ed98b5bf9e4c721ddb5395f2d9d5b801e9cc45f9fc7

  • SHA512

    b86b03ea7e4bb806c25fb08912194954937a5abcc57c0e7893aa0cf4c71afcf40560271fa364ac14d3e508337710a5cb8adced44da6054be42abc477c0f7308d

  • SSDEEP

    12288:amMzFXFWH+sb7gsOV4Fcie32MPCXBCL2y/EArnF7mUeqlBCKVO2Ri:u2HD26KieG1Xs/E6F7mJqlBCKHI

  Score

  10^/10

  redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1