Extracted

Extracted

• • Target

    d9119db9d5de4061e1f487f3fe1e8c9e58153063765c26f1407d969056e58ecd

  • Size

    697KB

  • MD5

    548a979ba49a2e9a3d65cba998708cef

  • SHA1

    30ace72f9c8859d9cd42ce25f9d706d7207e1cfc

  • SHA256

    d9119db9d5de4061e1f487f3fe1e8c9e58153063765c26f1407d969056e58ecd

  • SHA512

    abe1c9c1f7a7c0e13688deab60c4ab71cb26028638f3b085d4c936306e85a2a257004e335e7899bd835284f3a3afed8d56fbe160f9548ce36571d69fa93715d8

  • SSDEEP

    12288:xMrHy90RQydJhTOl6EiGYHv8s/fLeTiACxgL69PGjAAxI9gBhfPRw5m+m0:Kyc4l6ENWv8mfYGQ4GjRI9GhPcf

  Score

  10^/10

  redlinemuserosndiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1