Extracted

Extracted

• • Target

    c08c9bc142830666142d3a22b981fad9d5ca4309311928590b75367921721ddc

  • Size

    722KB

  • MD5

    0d04e2ba0b763b74dc1131bd396712c1

  • SHA1

    d632e12b32b5304afc77054a0433241b5b1e531b

  • SHA256

    c08c9bc142830666142d3a22b981fad9d5ca4309311928590b75367921721ddc

  • SHA512

    299aa9f9cbea7070571f6bc41bdaa6252fc8990279c6f740f31f7692fe6df6c60c2b2f439c71534c7b00ff1544def426a68a3cec2ab22245f99bf984dd6da112

  • SSDEEP

    12288:wUC6qtAYrgDbPEtl70b87ipC3MRH0yLS5Q/vbIQ+kUuE9OOrfHwGQjZ1pUNT:fqtKDzEbr7ipAMu6zXbIQ+NuWv1gINT

  Score

  10^/10

  redlineborisdogmadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1