Extracted

• • Target

    c59a283885618f50a79426ac22d3eb4562e788334672a47878a9c9bbb4d0c550

  • Size

    1.0MB

  • MD5

    3842a33a06c2d0b76d0941eb5d371c0c

  • SHA1

    6b4b088108510dbec83ca6a434b458a0196ba0c5

  • SHA256

    c59a283885618f50a79426ac22d3eb4562e788334672a47878a9c9bbb4d0c550

  • SHA512

    515078ffef99c394144cc2a4c9b8f6f7a767faf672fac8b3fdd0587b55cb57030f28862205af6eac14e608426d4763f285220992ae7cb111c8f097ad478b936f

  • SSDEEP

    24576:fyGkJy8uevjXgmTwQX9I3JUiCeUtv9aMMOXX:qGkg8ueLXgEwg9sCiCeUt9PvX

  Score

  10^/10

  redlinemolsdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1