Extracted

Extracted

• • Target

    65beeffbab42394c72bba46bc2f9b2e072793e1c059aec5a222f3b7968183b2a

  • Size

    700KB

  • MD5

    0fa69235664dc018f0fb9de085fccfe8

  • SHA1

    b611020e7d63b9d62092e30a6384ea312b7be335

  • SHA256

    65beeffbab42394c72bba46bc2f9b2e072793e1c059aec5a222f3b7968183b2a

  • SHA512

    426cf0239c706a5dec336002f8103a646c912c794662c4122d8926d12a27bfa656e53179801bdb5cd486206502c93701d60f71e8c550e712afda7c57970dd781

  • SSDEEP

    12288:XMrZy903RhyBsV6rS3kPC9DMVcAmPurcOF4Bu/fB97OiVs+WsCyRPtyFAd:yywsBm6rS3cPmPurcOqyfBls+WsCl2

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1