Extracted

• • Target

    1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105

  • Size

    479KB

  • MD5

    f13b39973f62ca987a9e8e421111d32e

  • SHA1

    eac1df88a4276b05ab9b3ed8aec85d2b1caf4ecc

  • SHA256

    1b5c1227f68c1292cd798ab4a4ff41a1af8dc51d5ce3ac46adcb47b793b7e105

  • SHA512

    bf44badbf34e5a187468cdcff48915b297fc580ae19776fb118e58f8c12e488dd9c3186f877e339411794a3518d3a31583f0ea8869d61b4dbcf715829aff8b54

  • SSDEEP

    6144:Kzy+bnr++p0yN90QE43ZkNzeWE1l6OlD+Q/uiZIU88F+zcCXkWPYaeg1rgwXw6b:pMruy90Zg6zEIU88F+YEGs1hLb

  Score

  10^/10

  redlinedonadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1