Extracted

Extracted

• • Target

    16c2dfaf8d2ea6c2c4b12e77aea3387f8c9dba0070f76dc2f0f4f2f673a0d9f1

  • Size

    658KB

  • MD5

    a5cca2a0c06d9366e56ff79c603cbf6a

  • SHA1

    a421c89ca4d2491c315b14a3fab47e83a5fc8921

  • SHA256

    16c2dfaf8d2ea6c2c4b12e77aea3387f8c9dba0070f76dc2f0f4f2f673a0d9f1

  • SHA512

    731185b3c0920cb416e121b1d7ac9b44aa59f468031ab61cf44e7432c9c16c784804c428f2f51fab9d12fc14cc26fe3fc668a17ec5f241d3f441a83a155af795

  • SSDEEP

    12288:zMrny90ACOUDvbl/R5FF5QAnmYjtFztQeG6Dj0EFyGGC44OzWK4Q8vUgOX9o:MyhCRvbtHFFV7+etGT4XK3Hto

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1