General

  • Target

    32e3dea0fe203457b8ef8cebd568c8d865aca73c1ede0ad22a4f5f71a610ad6a

  • Size

    479KB

  • Sample

    230508-wdngzadf6s

  • MD5

    1d4ce9d335aef8be2074fb2a7c080071

  • SHA1

    f5493dd4e4029d7fc891d6cd9d8ea9629ab045ce

  • SHA256

    32e3dea0fe203457b8ef8cebd568c8d865aca73c1ede0ad22a4f5f71a610ad6a

  • SHA512

    bb7b4c469e234c56db1d822a2211bac5d3973709810c08873bb7b3050915dc3a13cde9bd859551138895603fd9ccb1bc1d4f254d85947f81584f339bb27986df

  • SSDEEP

    12288:sMrRy90ZO1PytPP3n8FCpCwtee3MwX9CU0k2:Nyj1qtHyEZfMwwzb

Malware Config

Extracted

  • Family

    redline

  • Botnet

    maher

  • C2

    217.196.96.101:4132

  • Attributes

    auth_value: c57763165f68aabcf4874e661a1ffbac

Targets


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks