Extracted

Extracted

• • Target

    440aceb6b427a9dfb63f75722c56a31b3e2208865cc275bc93495a85ed18e589

  • Size

    675KB

  • MD5

    af4d1f6294541cbe1d4e167f8ab2aecc

  • SHA1

    609f563adc635d39cd8cec6d3bdd57ff514bc061

  • SHA256

    440aceb6b427a9dfb63f75722c56a31b3e2208865cc275bc93495a85ed18e589

  • SHA512

    76f8f86d8b11c025dd3ad79c3ab124ef268259029f8b4a55f67caac260654de99cbb4ddbfd8a3325138e18c0ab9f32cb7a1e36a6cb57f11dc9f1cdc0c6b50fe8

  • SSDEEP

    12288:4MrGy9048J3aGxYp1f1k6W0F7hW89PgnHdFkaZCrtwREJUm:+y/GxU100F7hSbkjrt4m

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1