Extracted

Extracted

• • Target

    f0566da13693562876f139484589519fe6f581fcf24f44e2ad8ce6a87663ceb8

  • Size

    673KB

  • MD5

    a44a997bb1a50a1782e04723761ac94b

  • SHA1

    364bafd144f10e2a64c9852b3c5ba4d5f4270840

  • SHA256

    f0566da13693562876f139484589519fe6f581fcf24f44e2ad8ce6a87663ceb8

  • SHA512

    501a8f5d0f7a726b59279782f8e87a30139c7fe27f5a4f4a9a0a2179c894f36595b48235cdce7fdc6674659bb7413727884c9c29bc6b9aca9cf07fa980068bb1

  • SSDEEP

    12288:xMr6y90uS1TQIEeY+k/nM0E7OXcJr80jWcMROK1N68DG/OPA+8SyuCpTIeNhPH:zyU16JN5BwjM0UZA+hbCZB

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1