Extracted

Extracted

• • Target

    CanHazCode.dll.exe

  • Size

    1.1MB

  • MD5

    3e29b6ceed99ecaa3604ec4130be35a2

  • SHA1

    1791b2bd2ca71ee187aa9d6937aa01591eec8de5

  • SHA256

    c768057b3effeca841525b10ec52166132ba93566e019989b79fdff2aadce29b

  • SHA512

    335b4eac68cdababd683296a1796cbd124fbbf66a888dc48a29309b8bd61e85121aff3e1d499ffbbeb204b32ca20755e190dd54512fe812d9a98e18b7f89df19

  • SSDEEP

    24576:LyOoDqiySPCSMZilP4Iuc8DytAj5WsIpZbNoM3E:+J13D5+eAjoVpZbp

  Score

  10^/10

  redlinedoponsraladiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2