Extracted

Extracted

• • Target

    eb1d8f9c93a38829d9dfe497d24764d4fb764fb847a21db981d048e0753f680c

  • Size

    530KB

  • MD5

    1d73a09ba90b28188ceb10e63680401e

  • SHA1

    aba1f3ce18b4a1498edaae2e7eae463c33b41144

  • SHA256

    eb1d8f9c93a38829d9dfe497d24764d4fb764fb847a21db981d048e0753f680c

  • SHA512

    ab104ba0049c72301fefeb60a457b0ed5920d1c90effdb8b0ace12987ad8690f30b6204cb1f0b66ce165fe7c476867dd21b9dc681a7cb347b6a7f1e754dc2515

  • SSDEEP

    12288:TMrZy90z52xFztJu4Z/fn5t/0/E8vxuN55ghD6lgl4Lt:uyU5+Tu4Z/xtM/E8p2v0624Lt

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1