Extracted

• • Target

    driver164.exe

  • Size

    1.0MB

  • MD5

    55dcace15a05bcf9493010f3f6a9119c

  • SHA1

    82ad32333fe9c8ec7b21fb5d97c63519c31863fd

  • SHA256

    84eee08eea754b3c0dc7cc91c8bc81834c9c127cc0bbf57a1f8d665e405bc426

  • SHA512

    1cf5478f7670878080d27ce7d0e23611aa589ea4ef1a30654b9c12bf453063f0cad8623a5e36a311aa6d1847b22bebc5df7b41097d4892c8f82f3d4d495047f2

  • SSDEEP

    24576:kyndB82e+XL2ZNqMfyRkvkW017rkulnK/mpLvOHYCjC3poQv:zdB9PcqMfyRnj7rJl/YHBQ

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2