Extracted

Extracted

• • Target

    34770bf88054ccb6768c6065d143d41240337dd2af5beaad091c229c501e29f5

  • Size

    705KB

  • MD5

    371ebf311325cb27fff001b621cbc1ae

  • SHA1

    5725986dc86eff3364816c33a81ea3843949f641

  • SHA256

    34770bf88054ccb6768c6065d143d41240337dd2af5beaad091c229c501e29f5

  • SHA512

    3bfd2c26f5f29bb1fc6a0014ad50d7dddfbe9bda9446b9e1d298114f424d420242d9d2ba43f8ae6b033b798c3d14353d0c534034795f3b97f0a675fa6c054bf6

  • SSDEEP

    12288:8Q8/I5IsZj2qAcsbAWDLCHSJnITSFpVudjtcKl7R9ntzafhs46FeTkH:8Q8SZ2qdD8gqITyGdhcKtntufhspFeTI

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1