Extracted

• • Target

    dc926720078fc30a9468e3e0ccd893556e49e8671f2db32b58f07b738435aec5

  • Size

    479KB

  • MD5

    67e99eb3e641e0e54df748de9289eeac

  • SHA1

    7605d81f54a46f9d79509a8e20369a8222491da2

  • SHA256

    dc926720078fc30a9468e3e0ccd893556e49e8671f2db32b58f07b738435aec5

  • SHA512

    7b14dd239b3569289a2ad49fcb64611a67d721f5ccfd77c1d38c55b66fd8ec7a6f062d57ec583c32103c5526b49b03fc561c76f85d295bb82a1cfe5231446963

  • SSDEEP

    12288:nMryy90kOhxY+D6uMCCrgPNxEcUSaPF0P/7O:Vy9OhWxCCgNxEcx6F66

  Score

  10^/10

  redlinedumuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1