Extracted

• • Target

    81a681107ed6585503995116cd1814a1de4f4cc8abd450ef183cf44c1b0f0480

  • Size

    480KB

  • MD5

    933a98f8f9cb09f9887ee35d85ac2ebd

  • SHA1

    6388c46a8041fa6da8a317b399ef48242f7ae69f

  • SHA256

    81a681107ed6585503995116cd1814a1de4f4cc8abd450ef183cf44c1b0f0480

  • SHA512

    7744ebb0880391d45ada987c13fc5dffc5d9397db5fbef8720ef7a8ce0226b488be563971fe56d8bacae5132d633100d49cf1b4e3a26515f982fc9b74ea10eeb

  • SSDEEP

    12288:hMrRy90aPJJhV6GjwblN6ClypnqRedP17Idnp:AyJINNy8u17S

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1