Extracted

Extracted

• • Target

    a3936ce16d3058148aa89df5bdfbee2db9eb6936f22a699b0b63a8fcfab6ef06

  • Size

    696KB

  • MD5

    363d3d19fb05eea509e8509a8b3a67cd

  • SHA1

    1584877063d139b2bd3b37ce7193b7e0b3106bbe

  • SHA256

    a3936ce16d3058148aa89df5bdfbee2db9eb6936f22a699b0b63a8fcfab6ef06

  • SHA512

    9379633f07bcd1b2804db1ea267f96e7d06b22f6def3a631c75bf8b741842c9aea12cdddad8d254ad01aeb8d42593cb85b5d9da7454ee22c063b36f40ba93df1

  • SSDEEP

    12288:uMrZy90QQQhRVTlVbGgmFp4z0KbuS/1akbLaXnhgoTwqhv33iAlk:fy02jVSvv4AK7ckbLwhgoUqN3m

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1