Extracted

Extracted

• • Target

    fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680.exe

  • Size

    1.1MB

  • MD5

    88c1ee32fb16e295b2e845bd8dd51b93

  • SHA1

    6be47a42849f15f565da66dfa097f6b5265f5075

  • SHA256

    fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680

  • SHA512

    577ba596c746d173c7a6718e3af8c9c166a28813cbbb73abecc370bb54ff73edfe99c25f432182b037df90c393eade4577c3f8a86c8b15e2a26bb5677fcf443e

  • SSDEEP

    24576:+yABLYhtlEtECOl426WoU44ZkiyW0RHWNBc2DX3MI:NAurlEtEe8xy2o

  Score

  10^/10

  redlinemuftaevasioninfostealerpersistencetrojanfuga

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2