Extracted

Extracted

• • Target

    cfa0252c875c75172727cfe0a4401676c3dd8e6662a1ee679d3f3da76f5166cc

  • Size

    524KB

  • MD5

    fac974c21c6d6f35ad212316618b46b1

  • SHA1

    88062568392ad8827467ebf307e0d1fcdea1d7bd

  • SHA256

    cfa0252c875c75172727cfe0a4401676c3dd8e6662a1ee679d3f3da76f5166cc

  • SHA512

    1864eef33d0bf712daf72fbcf9506328eb568f68ed060072f923e00287b42b619ebe938b7070aa1fd7673905aec0e5c54992d856a8abeb92536ec29e09a296e8

  • SSDEEP

    12288:OMrRy90ZaOckTyR4+6qmymWPQlvXMofuuoTW:Pyu7O6qmynyU8mW

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1