Extracted

• • Target

    fd0c36a8aad3f644589ae8575dc0c10cf7a8d4e382176bd60ce27091dd77dcc9

  • Size

    1.0MB

  • MD5

    13f60fce7130254d98bc2be1a110266d

  • SHA1

    acdb4b5e89efea2fadf4bf92ff3b581acba2d567

  • SHA256

    fd0c36a8aad3f644589ae8575dc0c10cf7a8d4e382176bd60ce27091dd77dcc9

  • SHA512

    72347766fa9a9b0e10b8a9a4352fc0a04e5a4c45e629285b9e2ba62c83c5d7ed181cbcb4a8a2a6121621ef0134457984c75c01f1256f1d346cbf07f7fcc06bc1

  • SSDEEP

    24576:Myv5dDPO5YtqNYiZEuG3ZDgEpPasSKgFc39k2bf:7vPgaqNZGpfasvgG39ke

  Score

  10^/10

  redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1