Extracted

Extracted

• • Target

    d81da31763e06292d1dddd25569d59de6d1656fac4df85d8a686040ed6913a9c

  • Size

    683KB

  • MD5

    0cb861ae09c778786406b1e17a90e19a

  • SHA1

    b43f6330a09e4da5c92da7499a9f6b968889a381

  • SHA256

    d81da31763e06292d1dddd25569d59de6d1656fac4df85d8a686040ed6913a9c

  • SHA512

    52abc8ff2ffb2da1daa27306f6993417f929ff9a31a5fde59ade1f82cace51f94ef0a4fa341e95984c17018b821b240a89530d8936cc5c75dc4512a3eaad5b1c

  • SSDEEP

    12288:RMrwy90NVHXUGPz6phj+ptBbZuR9kQB3y1jge/nekff3BlqVckYKxnJAP1:VyIxR+ph69bZuR95iFnB33BlqVcOyP1

  Score

  10^/10

  redlinedentsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1