Extracted

• • Target

    1e733f7dd81f0f7ca342286e81d655255b1e9ac221a99e630d4bb28bd5d7c175

  • Size

    1.5MB

  • MD5

    358fa157d810e546c424049fbb7e320c

  • SHA1

    bc280247d4c893b934fad0cf7cf8d1c4e87b2286

  • SHA256

    1e733f7dd81f0f7ca342286e81d655255b1e9ac221a99e630d4bb28bd5d7c175

  • SHA512

    b9eab09dceda42cb069477450c90ab76b90bb96c17623327d3385065d041ef211a4e26b77188c07c8a248266bfbdb03ee44935e1031fb3736e0eed28e42f6787

  • SSDEEP

    49152:UqILL5CGMhHo9//pwjrF89sRd1xFrvHTT1C:vgCfKxxwj58aRHxRvH

  Score

  10^/10

  redlinemazaevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1