Extracted

• • Target

    648df30631bf2a6b4b35aaa381f2f278ad6fb522fd705c534c7523ff0d27ab67

  • Size

    479KB

  • MD5

    287dbd0ce7db2023ec6aba3579e8c071

  • SHA1

    3ca66d557cbad2a6eff7683a3ebd36fee1bee65a

  • SHA256

    648df30631bf2a6b4b35aaa381f2f278ad6fb522fd705c534c7523ff0d27ab67

  • SHA512

    aef78f1116726b00397c5b872b954159ed37f3bf280223be9a17fe1cff5adacabcb2295f620614d38fad0511927d907a2cc9019266680a1afc2787072e4a4fa5

  • SSDEEP

    12288:WMroy90HIVB9FqO2vQMLlou2M+8XnvifQ+loKzH00o:aydAoMhv7XYzHDo

  Score

  10^/10

  redlinedivandiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1