Extracted

• • Target

    5fe4c8e94c7e532d4fcd37796f8e52a008310b00380ae027cc2ea1095dd2cb78

  • Size

    770KB

  • MD5

    1adee44dca357b0ee415ce3a07d6f5ff

  • SHA1

    6289afd7dd5be9fb6e0611a2d4acc0beb53c328c

  • SHA256

    5fe4c8e94c7e532d4fcd37796f8e52a008310b00380ae027cc2ea1095dd2cb78

  • SHA512

    f79ac33fd8958c1ae1dd423e0b859d12677876126b68d5ef9e694d0c7b259a4f29ad7dc7499130f58bc3fe2de0c8685e9e9aaa6b23921f9476c86b333498eb91

  • SSDEEP

    24576:qyCM7ukOtRHEIpjq3wlpka0RY+TlquWo0z83:xF7xaEI5Y0S9RY+TIroO

  Score

  10^/10

  redlinedebrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1