Extracted

• • Target

    d076d2ab339d32b52c5eb3b1a50c713a6aff8180a42ab3b2d74a457346156e7d

  • Size

    479KB

  • MD5

    aca61bea7240b4883f6cd602740dbf7a

  • SHA1

    3a8d179919ff552c8a1c4b81902d682e28311adf

  • SHA256

    d076d2ab339d32b52c5eb3b1a50c713a6aff8180a42ab3b2d74a457346156e7d

  • SHA512

    cd59fdc68ea6dc707382bf27099b4017798ff9ff2f808f898448dfa7b23a340fd308ba2749f37d0ce425e0c3c2c3c534e650ce4e1cc668879077a71058e017a9

  • SSDEEP

    12288:oMrky90UBsPnWtqy3oECd7VtMLaE26pCd+nenUp:cygnWt/jMqLaE26pC+eUp

  Score

  10^/10

  redlinedumuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1