Extracted

• • Target

    920da3a38860b3a3dc5abfe1878ece419365be673cf4aa4428a84436965bba56

  • Size

    1.0MB

  • MD5

    fe6debbabcc97ab8fab0cea9231786e5

  • SHA1

    cf6f326864fcb49e0b833b37e5ea776d1d0fa361

  • SHA256

    920da3a38860b3a3dc5abfe1878ece419365be673cf4aa4428a84436965bba56

  • SHA512

    6b76f76d01a38473f023919b9181445741bb5d09b83f5870117e68a909d6de4867bd0cf73e15ef4470de6ea29c65a64e6231d057db5e10fd1271b22d1a617c59

  • SSDEEP

    24576:0yBctSjRnimi3uJUTLKofFOL/v8zVffKIxJyhG:DKtSjD6LKofFAi8

  Score

  10^/10

  redlineduperdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1