Extracted

• • Target

    86fd5b307b73ad698c95388ad2a772db743fc724dc01305cd435ddd5ca79b2b4

  • Size

    770KB

  • MD5

    e0926ce611f5f0077c72025f6d34f697

  • SHA1

    a63dbb089b9c5b8c04b6070d4101e5423a98d03e

  • SHA256

    86fd5b307b73ad698c95388ad2a772db743fc724dc01305cd435ddd5ca79b2b4

  • SHA512

    e79ea213eda0cfc5b0399ba579d647526e0ba76a65c88e762f4cb0cd9c24747efefa6d5cd8886da03d4b82d4721220f5f366618b020e0b381df619a3a6b08045

  • SSDEEP

    12288:+MrMy90IMtCfeOxy5n8orz2Y/ZEl+gDisPZBIogsDpIBzcg1beUQ0GbkSQYs2S8:yygX8OC0Zs+VsDpIBzVNeUXmBw8

  Score

  10^/10

  redlinedebrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1