Extracted

• • Target

    game329.exe

  • Size

    1.0MB

  • MD5

    93a840f72b285d9d277c8d9f83f453a6

  • SHA1

    8db24b9550db96ccae599f9a7d2d3db7ee5e8934

  • SHA256

    f4b937ca01d2977a86ca85f41b70e6d56eb21e7379dc41403a21a50dfd59c858

  • SHA512

    880848926e406ffd34c89e6dec5fc37a189c6049eceb67c3126232c780477482e327159748376f8f501ae89fc2aef71c71248a8161745753a0c65a2573e6a6dd

  • SSDEEP

    24576:gySGer1lLFwtaDOxbWzq7RqFaU3ICLMM0jVbkP6Z2ls/+NX:nSGer1lJkaDOIzq7RqgU3l+M6Z2lsk

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2