Extracted

• • Target

    83da65cb204d26139a5d32714cd96b51c0272fc3828a11c3f6a3729510f633b2

  • Size

    769KB

  • MD5

    a56e7736840c523119b60f8da33a6479

  • SHA1

    480835177b5f3d3425fd98cef19f738355c79890

  • SHA256

    83da65cb204d26139a5d32714cd96b51c0272fc3828a11c3f6a3729510f633b2

  • SHA512

    305c208435bc850f1df74d09768e9fdd7854584762b66fbf78a8161b8f745f2ecfb07bec357406b9bea2ae803e8f5f24f66ea3754d9ae16f5e107a711e866384

  • SSDEEP

    12288:HMrYy903gUcz4uvBf1dy9kfRwK5OpqauFQ430hNbJ3bIW0o1:3y6g3MSBfn9upqau+46N1rIW0o1

  Score

  10^/10

  redlinedebrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1