Extracted

Extracted

• • Target

    9ae39100a818c97fd5b397c448f22e4d53daa4b8a0522c6c4999a1796680ce08

  • Size

    1.1MB

  • MD5

    9a34dd2a4f91c93f35c0cb90d4bd9059

  • SHA1

    cbaf4ce64a612ebf59c61d0c4758dd5b8ef63d60

  • SHA256

    9ae39100a818c97fd5b397c448f22e4d53daa4b8a0522c6c4999a1796680ce08

  • SHA512

    7e6bf401a03cf1b920d0bbb8863c36711785853958988ea2c03303f46f1d5cd0a3408a66d0e0db404729f5462384e17b61afa325a56f6fdab386376058e3fa9c

  • SSDEEP

    24576:7yk6/A/JAdcXrKI9/SmY5YIwJm+/BoVupHtTZt/TKk6dSA3B:ukFJAdcXWCe5YIwgQdpHpLTKg

  Score

  10^/10

  redlinemazasisterdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1