Extracted

Extracted

• • Target

    f0425b5dae143571aab33f7105417961b0bd9d1edc365912ef94461a0866def5

  • Size

    687KB

  • MD5

    a2ab38f4605d255a20041b5faec7117e

  • SHA1

    d7081177a288ed81fd6d2b86e3450a343b63694d

  • SHA256

    f0425b5dae143571aab33f7105417961b0bd9d1edc365912ef94461a0866def5

  • SHA512

    5ca776358fe57f3fe5d199d72b7c3725376124c0bebd11b67485be9ad2f5b794eef183410ae20acf620cbc58811000a01a4845796cb64dc557200dbeec29ccb4

  • SSDEEP

    12288:EMrOy90IagEL1XKhxOJYoI+KZ0a80bgxaIy7:yyqL1XKhxOJYo0+a8I2BK

  Score

  10^/10

  redlinenicesonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1