Extracted

Extracted

• • Target

    ea52c5855fc15de39b00b2540839ef6cd054701067384098bacd5fbf0607d5cf

  • Size

    659KB

  • MD5

    317847333d7c9ba14a212040fff546f6

  • SHA1

    3fc7305dd2e7c66cf85c694838a0ef51e7b187a8

  • SHA256

    ea52c5855fc15de39b00b2540839ef6cd054701067384098bacd5fbf0607d5cf

  • SHA512

    c88ae483f702d4d246b5a1e2fa508c213df73263be6ee595857cefe5c8db1cb12f786e1660db5ef12191007d832a306dcca835e7a165dd5a33595a19cec73a45

  • SSDEEP

    12288:FMrWy90V1jdGDpyBe08nY+lRQg24ILOZXA9he1WnK:rys1EDsIPTlRhbaO5A2gK

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1