Extracted

• • Target

    8453c7a8c17598c7bfef05aa8ea0ab03d2c26490cb5eb90789aa29047402508c

  • Size

    581KB

  • MD5

    67cf2c6121c733832666746c1c1eb460

  • SHA1

    1d4cdee83faf9a147e72b9f123fa595d4af120cd

  • SHA256

    8453c7a8c17598c7bfef05aa8ea0ab03d2c26490cb5eb90789aa29047402508c

  • SHA512

    d9cbed38c2976f9f64cc6c1eccda3f1b1d4631fafea4c43d2907a21d1a0fecac1e39b7f451f6e6baf1f1eb645b6279cca939844202acb4ff97f428811f86a6bc

  • SSDEEP

    12288:WMr7y908gKDqrtRkLPI0REWPF62dGcrqqo9lB0EfMjzUjV:tyeKAnkLI0RvPF5UhlVUGV

  Score

  10^/10

  redlinemaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1