Extracted

Extracted

• • Target

    87f4f43f82e874ff2afe5431136903f1d8d33bfafd54a9a18e8f628a7707dcf2

  • Size

    689KB

  • MD5

    eaa66d4498f22a0fb820867ed448b7fa

  • SHA1

    0277c7ec6593f44309e33d8e3319d96ae023c44e

  • SHA256

    87f4f43f82e874ff2afe5431136903f1d8d33bfafd54a9a18e8f628a7707dcf2

  • SHA512

    9c8687c53164eb89138564ae7e29fa8220468c0b36c29915385490d1e724bf67edf4900a1790c28568f3c0bdb7156ee770fb2f7357b76ee2b43f6cd8151946f9

  • SSDEEP

    12288:oMruy90vr8TqrCKWezDyh65hLukmySH6xSz+2vIoFYNfig5Wi731m:GyJTaCsfarH6xSznbYNagAi7Fm

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1