Extracted

Extracted

• • Target

    2cb2e22c322d369668d1b47653b1f1609c26d7cf25064bc674c0fa9ee2558c33

  • Size

    695KB

  • MD5

    b5ae6515a92e70e42568d5a7278eee84

  • SHA1

    f4d7ba423b295629943d1c69e5f62b44887efd59

  • SHA256

    2cb2e22c322d369668d1b47653b1f1609c26d7cf25064bc674c0fa9ee2558c33

  • SHA512

    84e90229fcaf71589a83b0ff73dee6b56a2fa7e45afe2b657dc2d8093fad465658b00d89ad1a3d22d00ec123d0998c1dd0754ffae9638578b78c59381b77ee17

  • SSDEEP

    12288:7Mrzy90LMO98LTvteRYrkVkRjaOEoaIET3ZEAQzF1WJkwwrmkYhY627xW:cy2MO983vtqmmjOAIu3ZEAIFskrmk2Ye

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1