Extracted

Extracted

• • Target

    8b65d3a5f4b88531f63739b53787c6c8219c38856677e3397bf32353e035c340

  • Size

    521KB

  • MD5

    017958dd2cfaf38ebe313a0178579ebc

  • SHA1

    d1d0e6c79ddf864f36da299b124bb0ee0db4127f

  • SHA256

    8b65d3a5f4b88531f63739b53787c6c8219c38856677e3397bf32353e035c340

  • SHA512

    33280fd7177ae38965fd4088a8d908bf5f884f9d6ce3b49bef06efd8313bf5a86d9a58eb730c80365dc64b1e7242e3863f0a327b2d9aae3e0de1ab35c8d61c0f

  • SSDEEP

    12288:QMr+y90lVBw7Nap0bv8kCGCsgdad6161hhhLuzNrl4t:+y8PnrkCWi6bXSzBl4t

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1