Extracted

• • Target

    9654207f83984a18df01190b4e046955f38b2e0df26ddc4bb9d3d9ea0590c8c3

  • Size

    560KB

  • MD5

    f3fa49bc75648e3213d441e04ccf1559

  • SHA1

    f115236da5267347e8643d527cfd5984e6c42a8a

  • SHA256

    9654207f83984a18df01190b4e046955f38b2e0df26ddc4bb9d3d9ea0590c8c3

  • SHA512

    3bcf1671ad8018ddde5f4ca6e0df25b7bfc2293eacd83d9f68048e6b05b558604a336cb6f7303956a5acaf6eb173623d4f37a46a7f713debd2d3f7365bca50de

  • SSDEEP

    12288:LMriy90OmNbZ+o+kg/rfPt1ut0w5eVHNbHMH0NW:RygVd+kgPut0w5IeHKW

  Score

  10^/10

  redlinegogendiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1