Extracted

• • Target

    579d370e4ed060db50611695e8a913e61df83780d29572b8930d4478429627e4

  • Size

    1.0MB

  • MD5

    6ea76d3437dbfa5fea5bcb0810b257c5

  • SHA1

    18818906d4d56c45c4923e085b3ed7b3d12631a4

  • SHA256

    579d370e4ed060db50611695e8a913e61df83780d29572b8930d4478429627e4

  • SHA512

    05804cd1ae5bb845ef14522a8ccebea77539d921a2cca25f1ec22b97e246b87629f4e482f402d8e1e5df2f67b6798090a0c3170fe97b8492a5dd17df1c7afc48

  • SSDEEP

    12288:iMr8y90P/5t7H31DPdjfHzQk1wdTGyA12M0ZJ6u3KkKV8oVnmRv5ZbsFuerpIV+O:WyO5dhz31whbAwfGncbbA7r6bpjWRLc

  Score

  10^/10

  redlinedolzdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1