Extracted

Extracted

• • Target

    b0d9a6c2897589876c6a6f7477b9a2efc1b9475255b36c15bde4329565d5862a

  • Size

    684KB

  • MD5

    a8110a5f0154f9a05e8f4dc75cc9e5f6

  • SHA1

    c1b14297e9bc68837274d891859dcc1e6d95dce4

  • SHA256

    b0d9a6c2897589876c6a6f7477b9a2efc1b9475255b36c15bde4329565d5862a

  • SHA512

    cec227b0fd54d4965efaf2b568167c52567729ae5736ebc5a503f1cf8e7bab27db94f0a9530f23ecaefa0f22eaa51f0339ed7630d485788d7f279e7761a1cd97

  • SSDEEP

    12288:aMriy90vXsX5JpP5p+nJb6yjC32R51yazMwH5UUVmzL3w3:EyhKjCm5MGfH5vmzL4

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1