Extracted

• • Target

    5462daa4bdce910ea3cc1e4935fe71d59ab1e436922130b29dd0a91fb9784644

  • Size

    1.0MB

  • MD5

    1389af703f3548e59b4295f276600474

  • SHA1

    35268c666221a4459427c0ca09c8ecc898ddd73b

  • SHA256

    5462daa4bdce910ea3cc1e4935fe71d59ab1e436922130b29dd0a91fb9784644

  • SHA512

    42aee96c18156d3b5cbbc21006901fe440d7e127ce8642f3333f62abd1ac8878593b8046ccb424d616b54801d18c99eb7206c549b4c25b222d2a41312f422863

  • SSDEEP

    24576:gyLoytv+eEJm2IABQ18fLLl1ZY/b8ztIJ:nLoyJ+eEwoBQ1iL/ZNC

  Score

  10^/10

  redlinemerendiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1