Extracted

Extracted

• • Target

    a45397102de355e6c2553db3cfcebfafbdf113742789084b7d0b2fce11c9daa6

  • Size

    721KB

  • MD5

    c41e6680b6ed1516e0ae6b051e167bd0

  • SHA1

    2679e1eff443caf2bf1c59636cc394e5a9120f34

  • SHA256

    a45397102de355e6c2553db3cfcebfafbdf113742789084b7d0b2fce11c9daa6

  • SHA512

    f124343c5d93535933fa1d0f46adea4562d53f0d38811601a785db96c4d205d276e8b73e1b0d3ba1b1f662a4a01ca4aa4702a9d7200802f899ad02b72a73a7fd

  • SSDEEP

    12288:QIUKWx97SIAyrde62Tf/azs98PmFWVItaSb4zokjD+Z/YzH2tcu:L497HwTf/ao98+CIcq40JZATSL

  Score

  10^/10

  redlinebabyborisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1