Extracted

• • Target

    4676bd96c74ea1045e220ce707147b0ea175f0ceef159676cdc799021657ad58

  • Size

    479KB

  • MD5

    88809281d1e8edc2a25bada348ed83b7

  • SHA1

    32bd63e7ec725ae536c6b2350b26e50442526226

  • SHA256

    4676bd96c74ea1045e220ce707147b0ea175f0ceef159676cdc799021657ad58

  • SHA512

    4b721ac7b058ee0ec6d82d948083d592889e31f9ad4cd772ed21b3b675bd0087a0dd650dc73272c04ff2cc8c6095d7cadcf84cd002b6cf3f1067c4338e87c5af

  • SSDEEP

    12288:GMrIy90d+2JJF18hQo9WiqlsaDAHrnXj6:KyyZz8hf9WDsOarXj6

  Score

  10^/10

  redlinediondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1