Extracted

• • Target

    d1963c0f85eed798b72d9646a93f3b3f1ca69ff14e054b317eb41b6fda5dbb8a

  • Size

    1.1MB

  • MD5

    b06f42c50b1a731741c4804e02d0796d

  • SHA1

    1e0e90db4d232a432f99ffe7830662f3970044aa

  • SHA256

    d1963c0f85eed798b72d9646a93f3b3f1ca69ff14e054b317eb41b6fda5dbb8a

  • SHA512

    0f3fa4a9345ea741a0aecd73d9decfab4f71910035c416740a6c1288c54e3248be030c981b2f687d7879b26610889eea00b9591568c4e924842e5ee3e82b6b9b

  • SSDEEP

    24576:GyjXXYMsxZZFkszKVH1+hG8fpSmTeVzlx+M1QnTF:VjXXMZFks6+Q0Qlx+L

  Score

  10^/10

  redlinedomadiscoveryevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1