Extracted

• • Target

    starter.dll.exe

  • Size

    1020KB

  • MD5

    1210e52ed4779910ac599e817eda5df7

  • SHA1

    c55af0940b15c030a89c09e82b8bec9f508c75fe

  • SHA256

    dd4e958f7d4a15f46bd5f2b7495cb1ea9b3fdd4921e380cf98f2631b6b96d8a3

  • SHA512

    edd29566d710108decf7475360689e20a9d9e2c5db012e9be229184cf2cb89c66d8a466e0692fe06d5b759b4a29b79f70e528e418e7696dec5fe4f9365ea2f8a

  • SSDEEP

    24576:ty5KZVH4SlQbUfLGnKDTdcr2aShjjtlFqK10zJtSdheTu:I5KPETnKDyr2aShHBHizJtFT

  Score

  10^/10

  redlineduperdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2