Extracted

Extracted

• • Target

    8ae2492b94e9f41157b60e81a7259b20dfd9b6076630e69a6124b7164f5d615f

  • Size

    1.1MB

  • MD5

    9b0eccb2e677f72ea65ca8126c88a3ae

  • SHA1

    9dc6201eab3036e2eaf7c6d32ed6eef9e4971782

  • SHA256

    8ae2492b94e9f41157b60e81a7259b20dfd9b6076630e69a6124b7164f5d615f

  • SHA512

    f9b14762e42cfb77d5818bf985f01ef6bcc946a0f21d5b0fc25b5db49a1301b1b65722f0cb4ef9dbd054da16ed7c875970f0dd29722f607a4f56f5c58fbba690

  • SSDEEP

    24576:ay8y1k08jb4Uwb9/oVy6+SYGf14TwQbbbMyP3Ox+A4I:h8y608gUMOV3+SYQ10V1PS4

  Score

  10^/10

  redlinemiranravendiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1