Extracted

Extracted

• • Target

    c9a924d5044f00f7a4cac45c2de4bdaa122022ef860466058fb81f7027f037ff

  • Size

    695KB

  • MD5

    825e2c3a42386159cad22b8d8de44422

  • SHA1

    746a1294dec74faf715ae92c1de4aa054e0f1e31

  • SHA256

    c9a924d5044f00f7a4cac45c2de4bdaa122022ef860466058fb81f7027f037ff

  • SHA512

    45821744532edad0716e478d0a8218654e6d9851d4a6eb9962927d0a584a433941bd7e5aec8e638a1776049acdeb13115a1698688215f75d66757205346ab6ce

  • SSDEEP

    12288:qMrzy90/AddAq0sA1HDg7BeDtUY1/2ouPlypDkkFrzhs/JK4WZICq:hyaUksAJM7Bex7/2oelypDkShckM

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1