Extracted

Extracted

• • Target

    5ebc6cb2d0b385361dbc50c6f7d7a719184509aafe3dc1b9bb64a32bb03205f5

  • Size

    687KB

  • MD5

    c6ec905ba1c71b977a22c3025e0842a2

  • SHA1

    a71d870264009e8edba6e7f18b19c25c8e45ec72

  • SHA256

    5ebc6cb2d0b385361dbc50c6f7d7a719184509aafe3dc1b9bb64a32bb03205f5

  • SHA512

    895f297cb9d3ae8194b5480e9c43467414921ce73bd115e978512393e4df195a55ae681bd3e7b14e21c1d3f1c83b70fe8cb887703d3f26fad56a9b8b63f63b0c

  • SSDEEP

    12288:hMrIy90KLv3e45mclNVtUmjO02m2bkc1YUxjIHh/1mzZpb4zMtQT0z:xyz3vrLVtLjO02m8kcU1k/beOQTe

  Score

  10^/10

  redlinenicesonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1