Extracted

• • Target

    32332459.exe

  • Size

    1.0MB

  • MD5

    6e0877bd751feedb8bb5d8492797818f

  • SHA1

    cd283db75daec8a739328dd22c2bc22ffb7b5eb3

  • SHA256

    16289c61f33d8ed03c39e73f8d45d562dea33739bf2a00d2a71c4db944c85efa

  • SHA512

    a43be7b081430bb354ddc6df7909c78706664e09d0ac5ce3435756ce13d6e7d5f3161745184fc1666bd28d618ab3a63a0a2c490f3060941703ee7136c605853c

  • SSDEEP

    24576:WycwaavV5AgKtvWbfIQR0p3mjGoI2JkowsjT9r:lciV5AggubwQR0kGF2yorjT

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2