Extracted

Extracted

• • Target

    bfbb0cabc3799accc3410629170a36a11690f6606850f1b072195d039de56cf9

  • Size

    685KB

  • MD5

    da80dbf23bf1d5cba25240647b79a21c

  • SHA1

    a1a14fc307f1450415c3e3e9f32e0eda823ca1ac

  • SHA256

    bfbb0cabc3799accc3410629170a36a11690f6606850f1b072195d039de56cf9

  • SHA512

    e2b5ada1375d32976bc6721576aab9452e9d683d2f79ecc254dd4e05a311690b0892ad3c72fbe74a56818600aee4283e53af7980fbe5d1eef4b517230184c5e2

  • SSDEEP

    12288:nMray90PPdYnELnYCIfZ3/lZmojiryJvmZArk7BxsHE7xla23bL:dyOPKnELYCIxPLmojgyxmirU/sHE9lTf

  Score

  10^/10

  redlinenicesonydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1