Extracted

Extracted

• • Target

    3ecc1274304fb26f291c35512c46c07f72a9f4c0ee80639cccb78793291c5271

  • Size

    659KB

  • MD5

    bffe31ecf6e34ee9f50c76213ecf3a75

  • SHA1

    f0699ffedfc6bd0288bb02dcdd66f1c5dfbde43a

  • SHA256

    3ecc1274304fb26f291c35512c46c07f72a9f4c0ee80639cccb78793291c5271

  • SHA512

    346fb873752c290cc0ae1f8c610efba8327e5c01824193956f400c39ef01693e7ab2b4df87ab56a83e743ba3fa8de80af89ffeef02a6db5f8d29ab8ab2797c8f

  • SSDEEP

    12288:YMriy90mahAOEg9bjSCJty4eK66XaR5YFslR32PifvER:ay69fSzA7X0WFxPiK

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1