Extracted

Extracted

• • Target

    85eef5c44cc9644b81ef787c219a2109b60604189f8306ae97cd361f2da01765

  • Size

    659KB

  • MD5

    fa08e0cd871c6dab49620f3909afe5f9

  • SHA1

    76c259e12925039069197df74014ab270a10bd33

  • SHA256

    85eef5c44cc9644b81ef787c219a2109b60604189f8306ae97cd361f2da01765

  • SHA512

    ad47a573aab9a54b343b7ef98067de1eb46e284bd3a519770582c1059e895e0187087c36431056424e96f83c10b4ac25fd227d8935919e741967e9e768d60aa8

  • SSDEEP

    12288:oMrIy90q1MJGG+udJaHU32WjJraNYqdBdDtOQ5yghXw+9Cq/x:wy/uJcGwQzONYqxDtOQZX/J

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1