Extracted

Extracted

• • Target

    c7b41bc1271443eb3633e6981e6543499db82dde1c08728ff8083ace48abd85e

  • Size

    1.1MB

  • MD5

    11db4c349fdad9ada45e927af0ca2efc

  • SHA1

    a558199c1939901ee9ec9a0dfc231e0279effe99

  • SHA256

    c7b41bc1271443eb3633e6981e6543499db82dde1c08728ff8083ace48abd85e

  • SHA512

    4dd413738b56d4fe4cebf9ac99eff8a3df6cf74a5bc41b8fd084d41a6367004fff38eec71f34914cf6810173d3511baa6161f34e35aa6728a316c4ac437e4a74

  • SSDEEP

    24576:Uy9NcCwYVLm50M7LeA4toKEc3wX7F+CPH6a+RC2o+/10uvuXHK:j9Nsiy0MPeDtoKNwkCPr+110OuX

  Score

  10^/10

  redlinedomajoanadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1