Extracted

• • Target

    ab70633bbf0c043a0665397a165ab627053011eb40df705334061c2995317daf

  • Size

    479KB

  • MD5

    24a912e0ad81e51126c8efe7a5275202

  • SHA1

    61b246077e929a77f3e095c98c7d52d40b4f4e76

  • SHA256

    ab70633bbf0c043a0665397a165ab627053011eb40df705334061c2995317daf

  • SHA512

    d5a44915806eb6362d7d8e02a72ee32d7bdf3e3936758db5224f3bb500328b520ad883d21de774f1102d8256723038ea7105b70e9e9cc9e9e9b0e076f3708ab7

  • SSDEEP

    12288:OMrsy90lVGY6aEhR806TJRnlSJPoqHLs4IOo:uyAGaT0QzqY4In

  Score

  10^/10

  redlinedariydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1