Extracted

• • Target

    6a89e452b93f558bf1afb01bd642423170c990381ddc6f06f294920c539d8010

  • Size

    479KB

  • MD5

    024ad2fa73655bf3705095f8791f7a08

  • SHA1

    babc4ce84bbbeddbae89593864192b4c74136d32

  • SHA256

    6a89e452b93f558bf1afb01bd642423170c990381ddc6f06f294920c539d8010

  • SHA512

    4c9083ae366df428bafc4a0726e6891ceeed66479c909cdae82ab9d61f78faa183050c54ab476a8e241b419a5218cb354576794cd53a6b5915e86d4b7d2e5cab

  • SSDEEP

    12288:BMrZy90GEiR/eKMQbEI/WKH37O0xjpCYFvHos1v9:8yX9/WKX7Oe9ZZ1v9

  Score

  10^/10

  redlinemaherdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1