Extracted

• • Target

    76253f6abce640af2b184c2483dc4e97571d0d04e504765d10c9ba29e309eb19

  • Size

    478KB

  • MD5

    66c0109e8dbe054f4cafbe820be8c74f

  • SHA1

    30c893b38e6eb05b01bfdc788723575cd888bf27

  • SHA256

    76253f6abce640af2b184c2483dc4e97571d0d04e504765d10c9ba29e309eb19

  • SHA512

    cd4e4509f719dc182b27e8a1dfd9da21808df969a450f452c3221be44ca92e7fd91d194e8634a1c8ac3ceacf85c3b156d89bb09d32b5594fc203aa10f6fb59af

  • SSDEEP

    6144:K/y+bnr+Vp0yN90QEShKbOOnepEihwvmAnCPPFmYMTZXN3cIqUM8b1U8NofqQfoK:xMrJy90NWrxsbN3cIlM8zNMqQf5L

  Score

  10^/10

  redlinedivandiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1