Extracted

Extracted

• • Target

    0c951c4b35430c4a724f8b525444b62bd909ca11e4dd86fb401e17b934b4f791

  • Size

    657KB

  • MD5

    332350d8c35eff59c5ac56e27ca627b6

  • SHA1

    0788abec754871df3dc24786d92d1dbb58ff12b8

  • SHA256

    0c951c4b35430c4a724f8b525444b62bd909ca11e4dd86fb401e17b934b4f791

  • SHA512

    bce04eaf7c92440cb5a6841e703164be9786bca246ca425f2c2fa518f7711d285e64c99b9fdf0aa00985a0963aa98239bc4b56b24ed3b22b34eef3e8cf38b0d2

  • SSDEEP

    12288:EMrty90o4oOsHpoO6t49mo/NzALt8wl/Pys44ezWKvI8vjGK:ByP7OtW0h5nyt4nKLGK

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1