Extracted

Extracted

• • Target

    172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381

  • Size

    722KB

  • MD5

    06c5e664b2311d9a2c5e645e055c29d5

  • SHA1

    e7a9627695ddf10dc8cb6db6b70f441d7098d0fa

  • SHA256

    172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381

  • SHA512

    7929cc524f22ba2f329dbd76d2dba9e64c437124486d75ae59d97430c90a08fcb9141b6c59d03988ff32c39a3da2d706bbbcf19861a656f9cf60416b7fe74a6d

  • SSDEEP

    12288:R1J7ppIKstg6eUo1UbOYIPrdHK939cA3mQo2PC5YCn9yAMX6w2Im3Gn9u:R1mKsq6ajPVQoY69ydqws3GnY

  Score

  10^/10

  redlineborisvizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1