Extracted

• • Target

    c4ff7d6425d92cf8a17f946a3a8d03f471e8aa5788386951cc0424c3b5432cb5

  • Size

    581KB

  • MD5

    501d78d1d44ec871e7f8144bd6c8cb07

  • SHA1

    53656c44ba112dfd254df31ecc587e7e32dd17e9

  • SHA256

    c4ff7d6425d92cf8a17f946a3a8d03f471e8aa5788386951cc0424c3b5432cb5

  • SHA512

    3c9f03323b443382f5f2d7336fae5d3faa627430e9725deb50749814739a3ff33c3f5984b1f6ecb9e38bebb031b838884efab09de70e850c163cf5e1b9c3285e

  • SSDEEP

    12288:aMr0y90hEaJJ23ZCqVAckxnQVxGZSi6SE++ygd9eP5ZrU:qy6EaJJ2wq2VQqQi6F++Pdohq

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1