Extracted

Extracted

• • Target

    e2b1bfef3eecba44295878ccc3f9738d2265ac495c5790afd1e429452568433d

  • Size

    537KB

  • MD5

    0188463907b46021fda18694973f8ceb

  • SHA1

    c0faf7a04e43849adfeb74e584295c75d6c86d66

  • SHA256

    e2b1bfef3eecba44295878ccc3f9738d2265ac495c5790afd1e429452568433d

  • SHA512

    7cf9bac2617cb08ec3f3a4d2979f92d1e86dab00df74262681a098edeeaa87ea27c376f8fdc9b2a175160379e146d02f5c6c1441270c4e6c092879a30756bd5e

  • SSDEEP

    12288:6Mr4y90fJbVVNxks+PJc0CphTMrRQ174w08:Wy0tV7xAc0wTMrRQ174g

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1