Extracted

• • Target

    2c832a7d633d25dee2925725c3ee320f1edbba083bbf692869e7b835ebc89e4d

  • Size

    1.0MB

  • MD5

    0ce276020f9848e6c73f3eb95fa4a36c

  • SHA1

    fcffd56350537174f7d378af448e563a426a63b8

  • SHA256

    2c832a7d633d25dee2925725c3ee320f1edbba083bbf692869e7b835ebc89e4d

  • SHA512

    a55142aa7245b59e232d8608da2bc4364a26eb4e5d6b74aa11ef5152e16be30b2513f28add9581a082c23cd31627b4cfb03869ec0977d6d98b04560fbf688a19

  • SSDEEP

    24576:7yZIEmOm59kf1dqO/0RMBmJ/LEOWzOg/Yj4/i/fZr98:uZF7bf1dqOs+MJDEOu/ofZr9

  Score

  10^/10

  redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1