Extracted

Extracted

• • Target

    b7bfbd9197b6a20f650b92916b390d1b4a5f63a09cffcb7d8ae828ab18d92da5

  • Size

    876KB

  • MD5

    7f5a2e00dab5331d6451a443fa659a72

  • SHA1

    7802fe2e4b61070919b6123c804e8c0e5474558a

  • SHA256

    b7bfbd9197b6a20f650b92916b390d1b4a5f63a09cffcb7d8ae828ab18d92da5

  • SHA512

    b7efd0b50c84dacc5f5cbe6d19e55adb8ce4378a810cf8cff8250d114a4b58c89bd0ee18e4a9e02b2914db1c4d3863b6a1f7431568dbfaa8b78c0f2384dce8dd

  • SSDEEP

    12288:kMr4y90dxeS0JaAmpx0OXDtc0SXXjwgV8Ed5XZe/UZWh7IbatIZNHaxcLCDGPv2m:0ykgeueWfzVLpe/UkIZNHaQCKPvghE5

  Score

  10^/10

  redlinedimasrozadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1