Extracted

Extracted

• • Target

    81d3baa68d55bcf8183f0527bc9677b8e348f7724e4bb91d8311d8294f7411ff

  • Size

    1.1MB

  • MD5

    57457c22f7a5f148909b7c412512dcbf

  • SHA1

    f1c32d49b3124870c71067840671fae3bf6eb42d

  • SHA256

    81d3baa68d55bcf8183f0527bc9677b8e348f7724e4bb91d8311d8294f7411ff

  • SHA512

    946144a8f7487a1e29ee4a411947ed444b1940fde4668e82588db6dea6533bd86b6bc0d7c4a3fd76c50583366de48a545efe883c9ee48b87f73526db45428574

  • SSDEEP

    24576:JyGK4uOm4pLVras2ugYrAPoqYHKmzIzyy2X:814Xm45NF2RYHvHKmkO

  Score

  10^/10

  redlinelarisnaherdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1