Extracted

• • Target

    6621366ab968c96b05b12850e5bd603f060c887d8e66ddd6085b2398941279aa

  • Size

    853KB

  • MD5

    45ce9ab5e1c02fc9dfed753454dba905

  • SHA1

    cf7eb56d9193ea8e36d9c48e76bb9a01286a82eb

  • SHA256

    6621366ab968c96b05b12850e5bd603f060c887d8e66ddd6085b2398941279aa

  • SHA512

    ceadf967436a0962ee8e7a7e0d73d0ae9d40cc01f54a9de8b23397c01f1de1dc3f136fdb8a4f7aabde545a4bd2dcc99aab42a8c9ec1237c23ea33d06d3ebf215

  • SSDEEP

    12288:ZMrQy90HkyriyFmOJEOzQa7TPgUSXA+bmw1TbHvCBRmyRMWt7O631PHeW5k:xyYkyKkEtq9GV2Rmyt7J1m

  Score

  10^/10

  redlinelupadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1