Extracted

• • Target

    3c7259b8a81b7ec34de612db0dc83b9dc78620826b1425468ae069b31086c08c

  • Size

    479KB

  • MD5

    09d101ee3575e1ba4cd05bd6ab377bb5

  • SHA1

    0aba71c390b51c9c277f85248f8796f588006dda

  • SHA256

    3c7259b8a81b7ec34de612db0dc83b9dc78620826b1425468ae069b31086c08c

  • SHA512

    bbe5e4009c6cfdebd64b80003231666f24690181aeaf65df0e307074412fd07b60abbee172abf344aee6cfe605e0a3cbeda39551de831a42ada4c02587cc816d

  • SSDEEP

    12288:mMrcy90/vYzno7D8FuTp39KzZiU/c5aqi:GyCAToiCpUB8aqi

  Score

  10^/10

  redlinedivandiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1