Extracted

Extracted

• • Target

    8e9b59df6eb5adcac7b935c24b8317de3eca6ee93c843cc3fdce2f9021eb2dcb

  • Size

    1.1MB

  • MD5

    1368996112a94d5c56a44d6c762965ee

  • SHA1

    08ef8b7fcb4592527db17cf005002f2c220284fa

  • SHA256

    8e9b59df6eb5adcac7b935c24b8317de3eca6ee93c843cc3fdce2f9021eb2dcb

  • SHA512

    e669d6867cf39364c03e459fc2d7c11212175b9e15b9184199d088f4a12dbef6dd132f79b3015330855c972972838c37fae191396df87ac3a0bf723d0c121639

  • SSDEEP

    24576:FyC5Cygp8F/3S1aoyRZsCsrCIG7zP8TOepJv5ZvOD5tIDg8A:gC5CyDM1aGpS7DR8v5ZsIE8

  Score

  10^/10

  redlinedifozhorordiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1