Extracted

• • Target

    0364cf6c2b62a30c7fb3926f88e5c0a9a44671e8b9fce9f5e16c3cf12179f200

  • Size

    583KB

  • MD5

    b6330110510b37d9bd02c13a80c2fb4e

  • SHA1

    68b695e27dfd7beb73b8936d9d2be78aad4cbba6

  • SHA256

    0364cf6c2b62a30c7fb3926f88e5c0a9a44671e8b9fce9f5e16c3cf12179f200

  • SHA512

    54bd42e573e5860770715ff1f25fe198c98fdded1e47ad6d1821c71be5cce7f531029f8968c5eda9a192e57639dda1665031df611768e9d701a02abea31e71c8

  • SSDEEP

    12288:0MrUy90sFArVTL202TjhlFCLdISeEZRYP5R78r55Gay2:oy3+lLyFEISfpP9

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1