Extracted

• • Target

    92f3b66e5de57b159792bcd247e86551a7fb059e61226d46e072656feadf6a92

  • Size

    478KB

  • MD5

    ffad23dfe26ea3419cf9db6902196f31

  • SHA1

    c8d51cd7796dd3890e2e92b71efd0702f5221966

  • SHA256

    92f3b66e5de57b159792bcd247e86551a7fb059e61226d46e072656feadf6a92

  • SHA512

    c1422d903e5f1745f21073f1a9c0320d825461e84cbcb24aea650d1cc3bad13a2703ac2ba7a1b27ad7b48e3afef43def141d624251890e773abbd32fd9485dd9

  • SSDEEP

    12288:TMr8y90nljYL+EiqW+qgiyu7sHw7nmGRR/:3y6lI/LiYHw7mGRF

  Score

  10^/10

  redlinedippodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1