Extracted

Extracted

• • Target

    01af39be74e4103f0175ed8c1107d89114eb65c6cc64d827da4664da583ce882

  • Size

    686KB

  • MD5

    25d303dd8e7bfff1f945dec83de4de4d

  • SHA1

    000019ed12a6889eb7983dfd1a151640efbfc816

  • SHA256

    01af39be74e4103f0175ed8c1107d89114eb65c6cc64d827da4664da583ce882

  • SHA512

    1c9fb11429229d01143b07db4cc5e9e5457f58f22906f70d686385c4170bb4f245c16e5e9a3b86720d2c8b18d905923f45ac926d934e5a89e980cc2861a509ff

  • SSDEEP

    12288:9Mriy9071xFzOc5/XwKMO1gw5/HkRKzAjgyUkfXFylhGqEPXAweBXGGUPYmXcfBl:3y613H6KMRw5tAcyPXYvGxPXqtbrmX8l

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1