Extracted

Extracted

• • Target

    125b9711a5ba61220c0437a4f79c32c47afe833f07f2259d01df4b026ed2c599

  • Size

    687KB

  • MD5

    f0783f0247649870ad71946a955a8745

  • SHA1

    93f9f8c2a175c5630c2dd59cb268271c3cfe4058

  • SHA256

    125b9711a5ba61220c0437a4f79c32c47afe833f07f2259d01df4b026ed2c599

  • SHA512

    6f9f150a8d0dfabdc35d32189463eca314557b004d607f284563cf9e21beb88a55e4dd4676732e8bd7d8e110bed825ebc4426b16f503eb7fe8f29599d46e35b9

  • SSDEEP

    12288:2MrMy90vrLBfe6PUB8HIs2d5C1pthQZLYc9t9UobBMNzwkM4PhW:OyseyS8Hn2d5OtYtEo6VDhW

  Score

  10^/10

  redlineborisvizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1