Extracted

Extracted

• • Target

    5b20f82fac5e2899fb21fa5a25557ce1ba646aa4ec8259ba3d6116c31b3777fc

  • Size

    726KB

  • MD5

    8f3fb5f59db469a92f191626d36d0090

  • SHA1

    6df2a3fcc5a51327690772f3bc3b358f4fda168e

  • SHA256

    5b20f82fac5e2899fb21fa5a25557ce1ba646aa4ec8259ba3d6116c31b3777fc

  • SHA512

    6d38ef6cd7866cc14e58243fb7ac9c511b14ac7eea249dbf2dd7c4ef0b469b2e1d80f5ce050ad1dc98d684d58c237d902e3b226dae3399bf90295eb8a1d09ea7

  • SSDEEP

    12288:np3JDQAu5fdU6AdozuoTnsSu07dIIaYwKFd9iGWOCKjEWf8XgtpsDUdIQEm7ZxS:np5u1G6AWK/C7dnap89b98Xmm/m72

  Score

  10^/10

  redlineborisfirmudiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1