Extracted

• • Target

    bf9dc910a2180ae219aa480371dadad20a44536b54551c425458c1c365f66859

  • Size

    1.0MB

  • MD5

    9e78ce7fde7f9e01a7cc17ffcdf0e6d1

  • SHA1

    73e99ae2f5c61f1dc100e644855220655868c78b

  • SHA256

    bf9dc910a2180ae219aa480371dadad20a44536b54551c425458c1c365f66859

  • SHA512

    638c30e261e93e3f26f9dd6f838bb886b8cc3751f216103aed0e31a955c72423b0fd7cf2166969577bbb627beed5a519142e3df8ebbeb579f6e758a69c081ff1

  • SSDEEP

    24576:KyeL6MMpb1JMAVLwLLne4xaURzAroevKYkm3QR9ChA6G2:RtMMp7tsrHxBRzAfKYkeEcG

  Score

  10^/10

  redlinedusordiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1