Extracted

Extracted

• • Target

    e8cb194ca5fa26cc9f0f2750a31cdce21857b0b682ef949a720b5b3f82e9631d

  • Size

    1.1MB

  • MD5

    799f9a31caa9b92c7b88618c65ff1128

  • SHA1

    a60902406ccec2e105d2e0cb2cad005c2d387c0e

  • SHA256

    e8cb194ca5fa26cc9f0f2750a31cdce21857b0b682ef949a720b5b3f82e9631d

  • SHA512

    5a38703d952b25cfcd840d56fa71a0f44aab8974a8fda14f0c49d5d638083ccea87deaa6c9ab588c6e1ff6fc1d839f1b30c7762565753e0e4b715e95316cc4a4

  • SSDEEP

    24576:gy5z9ElZN7VDG3Il/SHTooOkSHG49pYUQSrqariTbQ7:nXEl03waEL9KIu6io

  Score

  10^/10

  redlinemazasisterdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1