Extracted

• • Target

    35647.exe

  • Size

    1.0MB

  • MD5

    e0c13213521584d4efd1d4962dc6cc23

  • SHA1

    006b36797290c0bd82a2530d873e01ae2a8f9ab0

  • SHA256

    bbfbc8baa1749a48c885d26b409fa77c0132abb3d5da335609987a3e75ad8f14

  • SHA512

    dc8b73a90b807f6c44f9eedc8b25283e15828630e79dbd7313f4695eca6fe7b6d4c94e09b8e84c89b894a926d4afe199a6ccaa8614a8709e1c140a8a81d8af28

  • SSDEEP

    24576:KyWnQHpbVqg3eqWNFgKl4VeRPLj3QU+kI6Czz:RnHpQtqWNKVuPLc5

  Score

  10^/10

  redlinedazaevasioninfostealerpersistencetrojandiscoveryspywarestealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2