Extracted

• • Target

    3620f67731570363b4bcbb65f214c52680cdb2ca265fabf0326eefa7fc08959b

  • Size

    1.0MB

  • MD5

    1a2cd63036b012e5774ccf1e4a06618e

  • SHA1

    f4714f3151cb3a7c0c31b31f8b75d33a6fe4a535

  • SHA256

    3620f67731570363b4bcbb65f214c52680cdb2ca265fabf0326eefa7fc08959b

  • SHA512

    25583c0462c950a09ef0009c5c9b5fe450373a116387dc011d5d62619de5588094c62faab00c43d2e7ccca6f3d294b9da460ae799ad7c177719ff993f852de66

  • SSDEEP

    24576:WyA3Oxy7I/ZdkxcmVyWnDlBK8Nj8whN3/QJ4gTBA4:lA3M/ZovVyWDbKzwD/Q63

  Score

  10^/10

  redlinederendiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1