Extracted

• • Target

    fe9f590132eeb6b76496203d4f9f515470f7eb293ba1fbe7b423ac930d9e38a0

  • Size

    479KB

  • MD5

    aa5920feb373dd9fcb890c3268a16fa5

  • SHA1

    d1bd2341149d447128b6d3635bdc829bc10d6fe0

  • SHA256

    fe9f590132eeb6b76496203d4f9f515470f7eb293ba1fbe7b423ac930d9e38a0

  • SHA512

    2927460363033eb94e666183bf6e60fdd7b45b2cc638123c11a15b1da83c2b17add52c7f1ff52d5738c4dc0c826aa1445349c0713d75d699527aeab82eacae1f

  • SSDEEP

    6144:KPy+bnr+Ip0yN90QEn4XZT5UkWmjZNwt2+cDRfGkXOhV6ZHycNPJP1yEgnRyQuO+:1MrUy90dUZU2vRGPh0JZ1yEgnRluO+

  Score

  10^/10

  redlinedeasediscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1