Extracted

• • Target

    a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d

  • Size

    587KB

  • MD5

    79d84d5750d8252894b780a4e867141a

  • SHA1

    844efbaed71b72dad37b71b00e7130e2c327d5d0

  • SHA256

    a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d

  • SHA512

    09fbd3750bbc5fe9bc93bcc29a1877be312004d29eb455d44ca327cc2b59d2c8b15674702f94fce43dc80179a0e495244e851136101c0a3fc710f43309155529

  • SSDEEP

    12288:1Mr6y90uTfzO1L+GbhyL5UzhEMr0fyNReqZIFoWcDbJo:by97OL+qhy9UzmUduq8Co

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1