General

  • Target

    7087abbd91adbed88a13bed8de3ed4b57eb54e3f06edb89e0f20172da5c980f9

  • Size

    478KB

  • Sample

    230508-w2srlacb43

  • MD5

    1a602ffcc075ec21ac8ea09a8728aa66

  • SHA1

    5743b94a3d63b660e7db475c83c0db649ecc9abb

  • SHA256

    7087abbd91adbed88a13bed8de3ed4b57eb54e3f06edb89e0f20172da5c980f9

  • SHA512

    8573a91ee4739ede503385b6066d22dec5624c1427d9f9675b8e18cd92bb7b0be38765bd8e5482d6e40e6ad0b2ce3361f6577376048956230c0ce1c483a2ff20

  • SSDEEP

    12288:2Mrpy90ru9bHjhg+25c1u315TxpQpCmu5eYlWmf+N0OjY:vyjtiX3Trik5RlWmf+N18

Malware Config

Extracted

  • Family

    redline

  • Botnet

    maher

  • C2

    217.196.96.101:4132

  • Attributes

    • auth_value

      c57763165f68aabcf4874e661a1ffbac

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks