Extracted

• • Target

    5a09e485bfa589266ea84bce2b715a51b559a9f96a3fb66834bf8218246fe305

  • Size

    1.0MB

  • MD5

    9ac264ed76143bf87c3fa2f7b951d7a0

  • SHA1

    3f973b618c0b8569d3837035a4fd7cefd3b0a866

  • SHA256

    5a09e485bfa589266ea84bce2b715a51b559a9f96a3fb66834bf8218246fe305

  • SHA512

    563f90c394baa87d7004228d28f42bcf5508ab81e963f263b780cf21e2dd2b75de89b6d1419747e49b54ecce702bd6c84412c5c177dcc6b6066f78798c99b948

  • SSDEEP

    24576:nyfBXtkSJXqUOP04zTup5QO1ctAv9b65l+Kn/e5FJO:yp5JXqUOM4zTu4Ob1O5cz7

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1