Extracted

Extracted

• • Target

    dfe36d65a73dbf36b23b32a6aadab3f8b7ca4bcabb131c380bb6453605517a6a

  • Size

    662KB

  • MD5

    da3765bc1889c61fd7b989bc9736b928

  • SHA1

    50977fdf5cb596e91626519b5e8b1673c0cbe348

  • SHA256

    dfe36d65a73dbf36b23b32a6aadab3f8b7ca4bcabb131c380bb6453605517a6a

  • SHA512

    1067ea8140b168ef8efabad2935e1cb13808810205cf06042415573a89d31450ec90459df7a7abf70cf219bc99892036101165ca5d8cab55e318219605c1ed95

  • SSDEEP

    12288:hMryy90b7+kr3F1rN2hpKvWOys4piMkqro80yM8FNfoKXa/EmShhomxDQ:ryM+krDrN23Kvz4piGrz0yM83xvmShXm

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1