Extracted

• • Target

    f7654b4982c0403301f0c20dcdb4e38280a373224da58391df35376f98841ae5

  • Size

    1.0MB

  • MD5

    d740b2ba5cb1a488aa05ea50147b31a3

  • SHA1

    756f2accef0d3e646ff272919286ed213c585a51

  • SHA256

    f7654b4982c0403301f0c20dcdb4e38280a373224da58391df35376f98841ae5

  • SHA512

    7d2ab7b1cca8468b827098af93a89b0d91ab6f9126810989ab5d5d5628bfd7ae50b213ab9d1634b0b20a3656145ed59011a827cacea5b8fd8a2da8a5174c4f4e

  • SSDEEP

    12288:CMrDy90b99WrSdrRcmcceqo9D2heFnSo2Kh1nNSsVMEDXyfvOPpILqOx8BMDDORv:ZyGrn3c5cJhYSALssuEDyq6k2DDOtBJ

  Score

  10^/10

  redlinederendiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1