Extracted

Extracted

• • Target

    02eeca919a72e22add80f59c7723eb207f25834912d5b8922a3b3c5124f6209d

  • Size

    877KB

  • MD5

    41a3f3dd01dc91b3fdc1c2e1936b3f90

  • SHA1

    d266c7a54692e34ff4fc8a69aa5227d004553789

  • SHA256

    02eeca919a72e22add80f59c7723eb207f25834912d5b8922a3b3c5124f6209d

  • SHA512

    882e55c1e472173b8fb2307a7fb908c5220d44579d984ca2a477d9bf36c09cee8ae981833b14961e8c4a185236846828e93d2097a26fdcb6e9afcb566c642a88

  • SSDEEP

    24576:XytYQ5H/DHOxPImuFWJoBxm4vFc3MSbhmbRfs9zUu:it5frrmjBbhY

  Score

  10^/10

  redlinedimasrozadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1