Extracted

Extracted

• • Target

    36e63aa3038377f642f336489c8b22b193e79d0823ce35840df33237248732eb

  • Size

    530KB

  • MD5

    84f400feb3becb14d1c4a924d599b592

  • SHA1

    c701ff3e2fc510069cff908abd4a64f962f544c4

  • SHA256

    36e63aa3038377f642f336489c8b22b193e79d0823ce35840df33237248732eb

  • SHA512

    836684c96e6d854e4de94eca089027170f6e037bfb2dd03799b91fe851ed3f87e21982ce204fe526e55e33339ad19d03a9a3846014ce0fc37d2354cdcbd594ad

  • SSDEEP

    12288:WMrIy90OSK8fNKaSYg5cfE8XxP2BORJEU1XpN:Cy7raE5cfE8hP2QnpL

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1