Extracted

Extracted

• • Target

    0a71c8cfaa0ca6956575084c0fe3ecd9f3362d85cc74181415c66e54d309f1a3

  • Size

    680KB

  • MD5

    09ecd5133a9b7703bf6c4c4112daae56

  • SHA1

    a43e96d549ca04c427cc0c1b70cb663a4dfcc695

  • SHA256

    0a71c8cfaa0ca6956575084c0fe3ecd9f3362d85cc74181415c66e54d309f1a3

  • SHA512

    76d855d4e915b23bc375aae02ace8aa424a56fd2752576f2c1a1b8bf50e3da24d9c28472f4c64c1b691d170dd9b4274c2103db7178e8f5b3c9ef95bd9f5cf2c6

  • SSDEEP

    12288:wWhiwvydhO5fi82I8vkYVOIWEUSu+/iibwji4JLM+nOmr4A1fCXDR76:wWQdhO5fp2I8kUOZm/jbKi4i+XRhCTE

  Score

  10^/10

  redlinedownherodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1