Extracted

Extracted

• • Target

    c041106df59519774883a678b1d04dbf6e080567a3deae37422782c35d973bcb

  • Size

    660KB

  • MD5

    6b9b11b0c419d24617068bfb8483dbda

  • SHA1

    d9f2d4d9da7a845aeb728558fd04540c5dd5f4cc

  • SHA256

    c041106df59519774883a678b1d04dbf6e080567a3deae37422782c35d973bcb

  • SHA512

    ff29173a8084f20e327f563a2c682e2e58ef435add5023006b2b85176ea45d04bae462c3757e70069ee5e3b3423a1a1fb9cb9ca368449eb080a7c6ae9dd45775

  • SSDEEP

    12288:TMrwy90IKwv9T75oneDl1nSo2Hbx/HiZd9VZShuJjfl6eXgl9ZoYR+:7yp9CneDG/HiihuJs39CYR+

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1