Extracted

• • Target

    a2480eb28d2f5c0607929bb3c3ca4aa6d421ebcfde46ecec6e2d3ce7e8870780

  • Size

    480KB

  • MD5

    9961a5c76071cd0c188b0c571adc6478

  • SHA1

    9d446db7ec8a76eb9149adc2a23247c79819eb97

  • SHA256

    a2480eb28d2f5c0607929bb3c3ca4aa6d421ebcfde46ecec6e2d3ce7e8870780

  • SHA512

    c31fa7c3089ab27816ecc071b7ce285900b2867d243e705565a55be35ead64390a021c5c245000c580f940ad5ad9c08aafabe5b54ec1afb157dba900a2ebd03a

  • SSDEEP

    12288:QMrDy90IsSLsI7PcMw+ua2aiKuMFaVXSW:DytbLLDcN+MdaaxSW

  Score

  10^/10

  redlinediondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1