Extracted

Extracted

• • Target

    97d8c8e4e7ccc0e8ca3d3089660412259682bdb7e7ddaad6b8579ceabde06d5d

  • Size

    683KB

  • MD5

    5c54d14346b422bd90ac03852e0f9e23

  • SHA1

    27823c11e489e1c41960186e7f0c89e66dff907a

  • SHA256

    97d8c8e4e7ccc0e8ca3d3089660412259682bdb7e7ddaad6b8579ceabde06d5d

  • SHA512

    24bc1e1329d383006a6b25dafe9ec15f79d8dc7a2dde6e5a29a45b6db4b00e70de3faf5091052980deb9431ac3f12436bb68511d75ee3af92d9fc0e9a64a66af

  • SSDEEP

    12288:JMrgy90JV8wIQugROhialiJv1bj+0LhzyfsFW7bUPBmnL3fwAjUKBTTd4:tyWTym1bnusGbKmnL4ABxd4

  Score

  10^/10

  redlinefromrosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1