Extracted

Extracted

• • Target

    c2402ba2eae527959aad74c8d710a3be7193f2132cad4d7b845f9f31817ae1a3

  • Size

    701KB

  • MD5

    dc804ce13da1e6a5a922eaef2812ce1a

  • SHA1

    9e9ab4847ee3940c3a284adcd118534483e9930c

  • SHA256

    c2402ba2eae527959aad74c8d710a3be7193f2132cad4d7b845f9f31817ae1a3

  • SHA512

    d145de6b0d39d6d57a047c170b5d8ae8a6581c96d7a45038fd6e90dab0aabe2aad3bfbb5b62c2e25ba7af2d8be5f228a9fbafe7950efe8e1f0d3d7004b98f544

  • SSDEEP

    12288:cMr8y90aee35BS8+0/Jy8yPEGRO37X0KPDmNwPDMLdwV5esC+3J:gypTE8+0Ry89z3wMKNAD26MsC+3J

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1