Extracted

Extracted

• • Target

    78522c7aa43424d96fbeb284f3ec02f824229e561710f3ab2c6376656ea5970e

  • Size

    705KB

  • MD5

    c87b2fcc7f7168e0d2d5c3800c6f66e1

  • SHA1

    7531e7ca390c10c96a60e2c3159ba38a978f41a5

  • SHA256

    78522c7aa43424d96fbeb284f3ec02f824229e561710f3ab2c6376656ea5970e

  • SHA512

    a00917f60a1f5963dfa69aa89f68681bd752c82d6789ceddc97276a605c0dce4e9e7bbbff1fea02abc094fe6b7405400bf748f449028f4027cc81c95bbd2d53b

  • SSDEEP

    12288:ne42StnJqYU2E8wGHAoYuYvX2M8tA2NLLMcWKdAo:ne4tMY9EMHAS5lkKdAo

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1