Extracted

• • Target

    6beff668a6cdb170e0a29dbfa73d0e61892185bdb48ad0fa16d3b24d0082f179

  • Size

    1.0MB

  • MD5

    d642aa04cddc0c2372c8982b2d790c1c

  • SHA1

    5f255f7fc4036ad821256e82486b6f7a7ced49fd

  • SHA256

    6beff668a6cdb170e0a29dbfa73d0e61892185bdb48ad0fa16d3b24d0082f179

  • SHA512

    b4fb09c24c52e0ee3cf72f23e6b886d7d359ef46981ff2cdd2d7daf8e58695f8cb11d5e7badff6afc4f502b1b76197f684310af8c2134e12fa862cdc816f9802

  • SSDEEP

    24576:syVZnr7rEiavyrqhWofIHh4jWqWUCvra0b2rHBSjb:bbjETkqh7W4jPWUCWnrH

  Score

  10^/10

  redlinedazadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1