Extracted

Extracted

• • Target

    f17c431956300a0d846a7bc8bd98031282b7b7720480f62ca7b9e3e5d3a39792

  • Size

    687KB

  • MD5

    9299d187c6ad98aeb0ec053ad1384426

  • SHA1

    3fa074f5f2a0f4a912dff112cbdb9a34a16a55f9

  • SHA256

    f17c431956300a0d846a7bc8bd98031282b7b7720480f62ca7b9e3e5d3a39792

  • SHA512

    c4ab7a046ddf45bd4a4529355d7e038941343c82658822b50cb61d13dd5a0ff928c7bde763df1469cb6f2f6695ec8425f95bde4c120b1e88f7b5e15848da4aa6

  • SSDEEP

    12288:yMrzy9097ZkKjsy3x4cvThxwCzs6yjeBwP5Ojk9MlJgLUqWuXXaCz7bPT:9yqVLYy3x3r5z8jek5Qk9kgLUuXKCzfL

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1