Extracted

Extracted

• • Target

    4a2b613d88f9d3666fcad8be647f7d2faf2b4901fcb936a3726a85e362174db9

  • Size

    1.1MB

  • MD5

    25f40d1a89d0cf623be3b2b52fa2d5df

  • SHA1

    ada95e72dafd0e2dce698ae4bf3e421c11a13249

  • SHA256

    4a2b613d88f9d3666fcad8be647f7d2faf2b4901fcb936a3726a85e362174db9

  • SHA512

    df2da5032ca1064efe2586fef40ace724f0672afa89fe178235c71505708394bb051c44187ff2850ec85a0d68d8d2ee75643e23432378bd9047f6ce789dd831a

  • SSDEEP

    24576:iyqJ9mV6q34yxfeU0O7TNJV0aq9kFPTKUeVv3i+EC9ZSMbn/:JqJ9mbGm/90aY8red3iN4Sm

  Score

  10^/10

  redlinedizanravendiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1