Extracted

Extracted

• • Target

    bebc46527c298f82b296d843843bdffedd8463f93d5fe95f8d217b7a1d6f4b0c

  • Size

    534KB

  • MD5

    76e5b60769f6fd32203bd069409e2c45

  • SHA1

    ced97a8a093957a51134b78a5c62c9dfcb5aabc3

  • SHA256

    bebc46527c298f82b296d843843bdffedd8463f93d5fe95f8d217b7a1d6f4b0c

  • SHA512

    c3ce9b66fdc359716e04391034c94d579b3e70068c02e17549c166eaa14bb5c90a6e8796dadbe8fdf34205176e63bb045579fcb4c324cca36ec03c3d77f9598c

  • SSDEEP

    12288:VMrny90ml6VqP1Fg44tpR8NzBbsWUIuKZkxmBQ:eyXlEqP1KTcNz1sBIuKZImBQ

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1