Extracted

Extracted

• • Target

    0918bf535bde77cdf7c409c12fbd6e542c2078173ee4233bf655d34fcb917eac

  • Size

    672KB

  • MD5

    68ed83ac8172ff52c1401262bb11a14b

  • SHA1

    87bfeccb388dfb0c0ab2af712d5a45359ffaaf5d

  • SHA256

    0918bf535bde77cdf7c409c12fbd6e542c2078173ee4233bf655d34fcb917eac

  • SHA512

    61d97877691bcc62c2fdc89ef9f04a2475b6db7c12280073daa7540941bbfc8e787edf9909d677de9d058bb62b0a67058bf2c365fa47eb6849b056c4937d54c2

  • SSDEEP

    12288:rMrHy90sUtPwomPLFkYwtqBDiFMeBCP76BpJ1gI7jYom/p+YUBfhpMg3pmMjsy:kyowLFkBtwQMrTGpJ1gYYo5FTFAMjn

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1