Extracted

• • Target

    4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e

  • Size

    479KB

  • MD5

    c099511b05a276739e6854d5f927854f

  • SHA1

    61191387fb320ce9153769cb405f4b61c443cbe5

  • SHA256

    4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e

  • SHA512

    8511a71c48eda1b5305fc626a68931371489f3c1b1839c269b4dc3ee9f2d89d2ab49c2834c53b306bf61ff68e27f461b257d7fc526bdec93c5b38c09a616f53d

  • SSDEEP

    6144:Kly+bnr+Ap0yN90QEq4dQhlaZglvafwstPxQxsz6lGRoYy1f2Lw4Pd8s+3ZYL:LMrIy9044AlWCvJstSi2VQv9O2

  Score

  10^/10

  redlinedumuddiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1