Extracted

Extracted

• • Target

    e0afc4dafb3263ca5c36f535ea127678031fb8f28c47bf70f7aaf5169a31ba00

  • Size

    1.1MB

  • MD5

    b6f73c8382487cef84be822b5857553b

  • SHA1

    a345d16263c992d687b2cd13eee40fc523cb5b49

  • SHA256

    e0afc4dafb3263ca5c36f535ea127678031fb8f28c47bf70f7aaf5169a31ba00

  • SHA512

    aee1fcaf743631f825b261318928c96c543f2d155ba8de9e3cf21519a4ea25e59f486db9caed1ada99a76efa6b550c0f49f14c964d90d5cec164a0e414f49e99

  • SSDEEP

    24576:by9k396k+PjPub3dZSLx4m2Q4UsqIcGOPVgz5re/iHT:O46r65i4m2Q4UmO7i

  Score

  10^/10

  redlinedifozhorordiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1