Extracted

• • Target

    d559be2a4bbeaffc6dd6a2d7e2a449203135da2cfa3e1eee45c6c198e85d324c

  • Size

    1.1MB

  • MD5

    bf98eda231ac176803be70eb4357ffb8

  • SHA1

    abb1e4d686845787a29c15055a56c94cf8946b28

  • SHA256

    d559be2a4bbeaffc6dd6a2d7e2a449203135da2cfa3e1eee45c6c198e85d324c

  • SHA512

    5bb7b9d16fbacffaba5b007b1af166081a27a5d3aff37a7f95f0417960c52e21a25f99cb3a9de79dd776e89425ea2415a85c4ac377f4348d7254c6130ff6d8a4

  • SSDEEP

    24576:Sy2EPWXSPlwsIahSrfI8GcR9MeEpDmhPuX2m9q8:5z6suaQrfjnrMHqum

  Score

  10^/10

  redlinedichaevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1