Extracted

Extracted

• • Target

    bfb29dd73432d10cf4a794630891b4f59810e903feba2ca5c17277b8777bd8a5

  • Size

    694KB

  • MD5

    d99d4445f0411963122d3df9362f35a7

  • SHA1

    5550419fa1913161e8a2d2d55fa951ff12c0065c

  • SHA256

    bfb29dd73432d10cf4a794630891b4f59810e903feba2ca5c17277b8777bd8a5

  • SHA512

    bdd81210b6355678345031b282109f6b926d3b7d10ea50e61c0d2a56444bb2b60963464fe544a3d51bf94466897f6b5bdc9735ca97f7b3be66815f050f5d3e77

  • SSDEEP

    12288:rMrTy90wAQZhEgNh8HKnmUzQ6vcPssmIBtB1qC3H4atHbMuQk4GxSK:EyVMHLUznkPssDtgE4iQkJxv

  Score

  10^/10

  redlineborisdogmadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1