Extracted

• • Target

    e36a1a93a191a534e336359d38e8a70d7ab7c0d0c4d8e91643190225b9b018d7

  • Size

    481KB

  • MD5

    1b3e98141b2f598acabf19c0a59c68dd

  • SHA1

    6e1daf22b19e7ab6d858dfc41ce3b92753b3909d

  • SHA256

    e36a1a93a191a534e336359d38e8a70d7ab7c0d0c4d8e91643190225b9b018d7

  • SHA512

    6d725b700a0f9b374c350f1cfaf95290c0913dcea51cf1a1d2b60bbff81d62eebf5cbebdcd43ce4d06ff08cec39f205fdf117c30e6c5618d25473261a26bf6a3

  • SSDEEP

    12288:6MrBy9099+rtIHm55c1u311TbOIRqlT5c+mkOuHAv2:Tym9+Z0QXzTVRydc+m9P2

  Score

  10^/10

  redlinemihandiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1