Extracted

• • Target

    fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08

  • Size

    832KB

  • MD5

    1f84e0b6a95a5fe23d40592f6a6f7554

  • SHA1

    ef9eb5df7f4045d7b004e19986674c2c79dfb0d4

  • SHA256

    fcc4605384ed0d03937593f0aba2f0f60a7945b53d7ec538b3e315a439f80a08

  • SHA512

    181c1ad898d7f8a6bbf6d766d6e6a0bc8d4e4271316ec4eadf6418ae7fd5fcab0e818849932526ff235d77a989649e7d1ee4dd12f0960fb460359ef45bc74736

  • SSDEEP

    12288:SLUZH/VUan5w5mvBedKBlsXopctdTquivPgSwo0Z38ywgmPRI:gyUan5eWo8BlsXoarT7p8p1u

  Score

  10^/10

  redlinedownevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2