Extracted

Extracted

• • Target

    84deb4d8d09a84288de4cdca1cd0a1eed78e0274461c11239db1507361a89a21

  • Size

    890KB

  • MD5

    c7b11512b935231da032058e1c7fe4d3

  • SHA1

    ae35c7fec289072d36b5b9835392ffbfb19dd08a

  • SHA256

    84deb4d8d09a84288de4cdca1cd0a1eed78e0274461c11239db1507361a89a21

  • SHA512

    968f56a9b3ea8e04f76923d1d57791a2f6a690e1c022bb22e5aaa660d09882e70ea6361ace743f3fff1faea915ffe09134c50ae85512dc7958ef9b1b3f9ea83a

  • SSDEEP

    12288:4y90CxYWJKHagfrN/55AqlQR+Uy6NUTo85X9ngA9FzN804nvZENlw33z9ukT0:4yrYGK6mJnAxj+rngA9FyvZAmzo00

  Score

  10^/10

  redlinedantegenadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1