Extracted

• • Target

    84f3d0673eb3af855af29979be1f12ebbdfc16f80da17de86d5d49481df07da2

  • Size

    1.0MB

  • MD5

    397c6efdfc73665ae680dd7083029b43

  • SHA1

    a618deac33730d88f21488debc49b96928406e7c

  • SHA256

    84f3d0673eb3af855af29979be1f12ebbdfc16f80da17de86d5d49481df07da2

  • SHA512

    2aeb719f53d156d96e54140f1ad8eab225e91883ac97072bdb6d0151d8fa2d83120b696c4ee7e2f334a874c1283fea50a055d14a684fd8708d11300d5df1b17d

  • SSDEEP

    24576:iy+XgIK2K6KrQzLCWEPVbx+H5NW3R8VgXszq:J+QIK22+Hs+H/m8z

  Score

  10^/10

  redlinedreamdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2