Extracted

• • Target

    c6060cc442fc777c92b6965682ff0da232efcd7a74e01056ae8dcf8a3ae150b6

  • Size

    488KB

  • MD5

    46e33e1b96bdcf12361704c7130fb490

  • SHA1

    6acf1fd751782bc02b80d6aa74127af42d756e20

  • SHA256

    c6060cc442fc777c92b6965682ff0da232efcd7a74e01056ae8dcf8a3ae150b6

  • SHA512

    06d65416497207198af7b6f0f584182d4893446f0921b30c85f0c0d9fd8729dde8e4bb40408d6171b2bd65748dc9ea612ea3603c4dc210938f063dca47fbdc48

  • SSDEEP

    6144:KLy+bnr+4p0yN90QEJrh4RQX72RALD76cQFTkoYovlWKwuuc5qsfYe8mI5F7B:BMrYy90jhwQrFLacQ51YAFwtVepI5FF

  Score

  10^/10

  redlinedippodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1