Extracted

• • Target

    fa11febf02ebc8dfd415cead27f7462c4e9360785a8759ee3ae907db5ad91565

  • Size

    770KB

  • MD5

    63fc50cc57189471ada17c8a1bc2efc4

  • SHA1

    6842ff30f528d4c9b856840135d3c898c473463d

  • SHA256

    fa11febf02ebc8dfd415cead27f7462c4e9360785a8759ee3ae907db5ad91565

  • SHA512

    5d7ba29592054894c0038a0a037c3650497dd2237c146ea2277e75296a298a4db4bcaef7d3603611d426b5ff65d7b8f9c889cb4288bd6f51267f0066564e82f9

  • SSDEEP

    12288:NMruy90t7pJdf8PwRj5C006F4GgyKFOkman+WWYsSTWiJ9qqDqzEFMZtqhBjR67g:fyO4OjMokman+WTLqqDqzEmCb676lqa

  Score

  10^/10

  redlinedebrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1