Extracted

Extracted

• • Target

    cc4a6fa3ffab3845d24250242263946e15663d8b85a74ab5bfba40269f4fdc31

  • Size

    1.1MB

  • MD5

    cab2c1f8493a3e0a8408c3dc7bff47c5

  • SHA1

    168fd7a49942f72b7cbd9e1e5d0718245f891121

  • SHA256

    cc4a6fa3ffab3845d24250242263946e15663d8b85a74ab5bfba40269f4fdc31

  • SHA512

    19ea6d1ba30e4ffbd855d3016e0525f0a079c199fa4d4bb0146851177e1d6f73049ef0e497c3b772dc890147b005e42939b188e47d2e8a5737c11c75559dfcef

  • SSDEEP

    12288:IMr9y90i7Pp7CRGqtSxtu7J8Tm/MBrcliN2kRbb4zVjmczVg79kpmVEr8QVDg0ZP:VyL96b7JUJ2nj7VgZhoxhOHsGuCS

  Score

  10^/10

  redlinedamasisterdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1