Extracted

Extracted

• • Target

    8ad734d843872dcb19042e42f1c98771222679bea47ce1f9dcf3194038da59f5

  • Size

    688KB

  • MD5

    3cc1fbb3e4261e3c67d22d710d0d3722

  • SHA1

    89d24db08b66dad7ce441c6281f974fee083ee7a

  • SHA256

    8ad734d843872dcb19042e42f1c98771222679bea47ce1f9dcf3194038da59f5

  • SHA512

    9af8eae557128112679156e30d3a4be0e4a2760e231c04e3ad3a1b2c5a0d077d4158923605c33b5f487e464e821a7815949b56284994977e88108479960b2c84

  • SSDEEP

    12288:2MrWy903ZWjjWbmHESQvNotR28U0dsVGlEi2tB120aspbTCOhlZZx:8yUY/0NSMotIUIGlhW7dBnBZx

  Score

  10^/10

  redlineborisvizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1