Extracted

Extracted

• • Target

    d8ce5818238a1fb7bce2ffe19fa427af83ecba4da666448f4cec4c68e8701cb6

  • Size

    521KB

  • MD5

    5dce6c45cc4e87d660780f1430793b5b

  • SHA1

    2d353744b1e8ec8ed5c4aa3f27c4901572388f18

  • SHA256

    d8ce5818238a1fb7bce2ffe19fa427af83ecba4da666448f4cec4c68e8701cb6

  • SHA512

    2a3a6b3a0ae35aafc2fbb85d38798348d0f89f194adbd27406495f0af7efacb13917692635625477e8edf99691d4a43514c0aab69beb2d7bff2deb9400851407

  • SSDEEP

    12288:XMrly90WprVNdvXilN8Eo4iIzWKv98ZGt:iyhprxvBEhiBKv4Gt

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1