Extracted

• • Target

    2fd2feba6bd44c7fc88285cde61e84faea2ef90788efa583d314c2ecaa48b7b4

  • Size

    1.0MB

  • MD5

    439b246eb9ffda3cbd363190f06b0d9a

  • SHA1

    e510493ca440037e544e96332246d21b80c430ea

  • SHA256

    2fd2feba6bd44c7fc88285cde61e84faea2ef90788efa583d314c2ecaa48b7b4

  • SHA512

    554aec13d3816bb2e0559f2740f71d81b74b8e669f440358b0a4787e66d7d749ea48ecbd5ceda32de9addfc8b2577ce59bb7cf16efff0cf2fd5d646e531b006b

  • SSDEEP

    24576:fyaVOx48A4yA/foh/VLryFLfYqVLIyl9iwf1g:qaVOK8A4yAY5VaVrV8y3iw

  Score

  10^/10

  redlinemuserdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1