Extracted

Extracted

• • Target

    2424609f1d2a2d044a0e6109f30d5781e4e91ae5dbb97f3492ab6faac38436cb

  • Size

    1.1MB

  • MD5

    aac6123e8b7bbd3de6cd57ac7e5d7b0c

  • SHA1

    c21eac3a52d349b0302dfd25e352536b9fca5aa2

  • SHA256

    2424609f1d2a2d044a0e6109f30d5781e4e91ae5dbb97f3492ab6faac38436cb

  • SHA512

    658f9ed8bbfc0d087bab7a9bc00c251f4d784c94f86d33f9f59d418954a1baf5999f640431985ae3f47003b1180da50dd2f39d8d6b62222a2b13b60324459cf3

  • SSDEEP

    24576:YyDcBFooRTJ91ibpdrm5srgP/qv4L6uZv/SptC37Ad3kzyemUEKQq:foBFo291i1dBE6QL6GKpgrAFkzyemQQ

  Score

  10^/10

  redlinedomajoanadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1