General

  • Target

    2e906e6df0205ab4b363be37710d01c5c02eea9e0b122810bdac1dafb8342be2

  • Size

    480KB

  • Sample

    230509-pcafdsfg35

  • MD5

    3ec4dcb6ff2b75b418c6b8603daeb567

  • SHA1

    a3ac53cd13e32e621da5cecf99aad340b676d7b1

  • SHA256

    2e906e6df0205ab4b363be37710d01c5c02eea9e0b122810bdac1dafb8342be2

  • SHA512

    74ae479409f5256497c609dcb4a6cfb4bcebe38cd70057b627996e858ddad22a40c6545bb9dc6366954831ea539de8779baef47279a927a5fcdfd9205840c2eb

  • SSDEEP

    12288:ZMrNy90jw+9m5Y75c1u31nTYClajCiMZ8ncR26p:0y81goX1T9la+iMkO

Malware Config

Extracted

Family

redline

Botnet

douma

C2

217.196.96.101:4132

Attributes
  • auth_value

    e7c0659b5f9d26f2f97df8d25fefbb44

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It collects credentials and other data from the infected host and sends them to the C2 listed in the extracted config above.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
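
The behaviour signatures listed above and the C2 in the extracted config can be checked mechanically against a host trace. The following Python is an added example, not the sandbox's own signature logic: it runs a small set of detection rules over a constructed API trace. The trace records are made up for the example and are not from this sample's run; the registry locations are the standard Windows ones (Run/RunOnce, the Defender Real-Time Protection policy key, the Uninstall key and the Geo key), and the only values taken from this report are the C2 host and port. The signature names returned are the labels this report uses.

```python
"""Detection checks for the behaviours listed in this report, run over a
constructed API trace. Added example, not the sandbox's own signature code."""
from collections import defaultdict

# Taken from the extracted RedLine config in this report.
C2_HOST, C2_PORT = "217.196.96.101", 4132

# Standard Windows registry locations the report's signatures describe
# (hive and user SID stripped, lower-case). Not recovered from this sample.
RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
)
DEFENDER_RTP_KEY = r"software\policies\microsoft\windows defender\real-time protection"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
GEO_KEY = r"control panel\international\geo"

HIVE_ALIASES = {
    "hkey_current_user": "hkcu",
    "hkey_local_machine": "hklm",
    "hkey_users": "hku",
    "hkey_classes_root": "hkcr",
}


def normalize_key(key: str) -> str:
    """Lower-case the path, shorten long hive names, then drop the hive and any
    per-user SID so the same key written via HKCU, HKEY_CURRENT_USER or
    HKU/<SID> compares equal."""
    k = key.strip("\\").lower()
    for long_name, short_name in HIVE_ALIASES.items():
        if k.startswith(long_name):
            k = short_name + k[len(long_name):]
    parts = k.split("\\")
    if parts and parts[0] in ("hkcu", "hklm", "hku", "hkcr"):
        parts = parts[1:]
    if parts and parts[0].startswith("s-1-5-"):
        parts = parts[1:]
    return "\\".join(parts)


def classify(rec: dict) -> list:
    """Return the report signature names a single trace record matches."""
    hits = []
    op = rec.get("op")
    if op == "connect":
        if rec.get("dst") == C2_HOST and rec.get("port") == C2_PORT:
            hits.append("C2 connection (extracted RedLine config)")
        return hits
    key = normalize_key(rec.get("key", ""))
    if op == "RegQueryValue" and key.startswith(GEO_KEY):
        hits.append("Checks computer location settings")
    if op == "RegEnumKey" and key.startswith(UNINSTALL_KEY):
        hits.append("Checks installed software on the system")
    if op == "RegSetValue":
        value = str(rec.get("value", "")).lower()
        # Any Disable* value under the Real-Time Protection policy key set to 1
        # switches part of Defender's real-time protection off.
        if key == DEFENDER_RTP_KEY and value.startswith("disable") and rec.get("data") in (1, "1"):
            hits.append("Modifies Windows Defender Real-time Protection settings")
        if key in RUN_KEYS:
            hits.append("Adds Run key to start application")
    return hits


def scan(trace: list) -> dict:
    """Group trace records by the signature they trigger."""
    matches = defaultdict(list)
    for rec in trace:
        for sig in classify(rec):
            matches[sig].append(rec)
    return dict(matches)


# Constructed trace records, loosely modelled on a sandbox API log; they are
# not from the actual run of this sample. The last two records are benign noise
# that must not fire anything.
SAMPLE_TRACE = [
    {"op": "RegQueryValue", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "RegSetValue", "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"op": "RegEnumKey", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "RegSetValue", "key": r"HKEY_USERS\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"op": "connect", "dst": C2_HOST, "port": C2_PORT},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Office\16.0\Common", "value": "Theme", "data": 3},
    {"op": "connect", "dst": "10.0.0.5", "port": 443},
]

if __name__ == "__main__":
    for sig, recs in scan(SAMPLE_TRACE).items():
        print(f"[{sig}]")
        for r in recs:
            print("   ", r)
```

The key normalisation is the part worth keeping: the same Run key shows up as HKCU\..., HKEY_CURRENT_USER\... or HKU\<SID>\... depending on which tool produced the trace, and a rule that compares raw strings will miss two of the three. The Defender rule deliberately matches any Disable* value under the Real-Time Protection policy key rather than only DisableRealtimeMonitoring, since stealers commonly turn off several of them together.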

MITRE ATT&CK Enterprise v6

Tasks