Extracted

Extracted

• • Target

    c1031a3f9d2b38503858c38730ba7b8dcab80a871fa106f13af0bd0d25439d70

  • Size

    695KB

  • MD5

    07cdbf97a992dccbc58200bb3167d55a

  • SHA1

    2118f80cdab97d143da4484a63af72b32fa0f460

  • SHA256

    c1031a3f9d2b38503858c38730ba7b8dcab80a871fa106f13af0bd0d25439d70

  • SHA512

    93b5b61746ef0701076bc9f185a7d99343ce5a5926ff61b3ef01b0dceec591df76cde20ad74d9e893efd56df9963cc636977e1fa53a2da91c01116c7deb0175c

  • SSDEEP

    12288:AMrOy90D2MLM9Xj+Rb1nD33csmkUBUAAoit5NDEuM6cziVIJ1tEhqjrKCMdJ6So:+yjMO2bNcVvUpt5NDyXiuFEnCMdJ6n

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1