Extracted

• • Target

    29906895f9297d6185b94a5eed52930f48b78240549ad834bf856c46b993b595

  • Size

    480KB

  • MD5

    1a7f9eb644c81fd1366dbf4b2254cfa6

  • SHA1

    8129e05bab47e131a883d02cf2d40b74ffb614d9

  • SHA256

    29906895f9297d6185b94a5eed52930f48b78240549ad834bf856c46b993b595

  • SHA512

    ddbb07d7cbb708cad981b7bfad491db6afd6f5bc845952540218d7461eee038b3d0300a62e92cd8c53e7f142f07e52587c7f9b611465723d40d78d28014103c7

  • SSDEEP

    12288:RMrxy90G4YDwOUBXTf5Cvj5b9VRFoiyTc:Iy4YDlS1Cdb9Si5

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1