Extracted

• • Target

    074c9964f9485771bce6a7f945297ef2.exe

  • Size

    1021KB

  • MD5

    074c9964f9485771bce6a7f945297ef2

  • SHA1

    bff9faa86c1f22d1b58487762a20e2f6f224ff0d

  • SHA256

    2ed81c8a70821f622a4032f6fefc00a25c4cce03df139afe47f3d0d4209dc972

  • SHA512

    05366d213ae54c547412a45e014cb943f18770664fe2f9986c73acc6a9807910b4c2acb47419d545bf50f4c2d46915d87eb572e425090c5f84398558347595b6

  • SSDEEP

    24576:DyJr1oGVE1N5G5suTW15qY7QQ0VLfzut4c:W51o6E1NPu4X0VLLu

  Score

  10^/10

  redlinelaxakdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2