Extracted

• • Target

    9d277333ea29c5f072f7c9c568153bda91ff02aa10670422afadfa81f193dc81

  • Size

    579KB

  • MD5

    89eada12388ed339d899c5c1a090bf89

  • SHA1

    bf2c437a60d605c492a3c7c31bf8a022728f5969

  • SHA256

    9d277333ea29c5f072f7c9c568153bda91ff02aa10670422afadfa81f193dc81

  • SHA512

    2676cda9881965dc1548b1468d2a8e99fdf3c24a070acc7ecec366b60fc3b005c15d1188cdd03bd1bbd07a6e2b5c622cdeba08324538d26b98040377ae855022

  • SSDEEP

    12288:UMrmy90za1Szd9Eb6TjDWJZlE7U90SuwT2SOxTE01291XpDBEora:KyIaEzTrTjkn9fuwTNo5181XpBa

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1