Extracted

Extracted

• • Target

    1e440e94a5664226435188e81b308971a4982a7c7c130c69f90ffdb21df9c926.exe

  • Size

    685KB

  • MD5

    354c85a42efa4053b0dcaec9feb41be3

  • SHA1

    4f05959c72e73ed28d40436010218f72b46ffdbe

  • SHA256

    1e440e94a5664226435188e81b308971a4982a7c7c130c69f90ffdb21df9c926

  • SHA512

    138b18137a879633b2bf4603e1b86005c2fa7b0b6f6dc70e57181b7f0ea32184480d0583e3e3bcf8c9a379e10f75c695c9f880d4aa25c30fd6ca7ac005846d8a

  • SSDEEP

    12288:pMrSy90t6ss+VnNqL4GEjlX8eoNK6xR4O2UtcL:Tya6vmpFuDS

  Score

  10^/10

  redlineborisdogmadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2