Extracted

• • Target

    7e560a16afc4c27d4d0c9a784d4467f2a64f89a08f412742de20a5cb55b5d5b3

  • Size

    1.0MB

  • MD5

    ea18c1838cadfd87eb70d94d4e47f082

  • SHA1

    52195c21be0c6406876db5a299883efe9ec0567e

  • SHA256

    7e560a16afc4c27d4d0c9a784d4467f2a64f89a08f412742de20a5cb55b5d5b3

  • SHA512

    7468da5953dc13ac356ae8a0ec38b7037a205a9463d78d93b6e13d82bce64c5d72430b11ca9788fedf5da9d8f94557816bec9c0b7aaf37a52b5823c35d63e949

  • SSDEEP

    24576:hyt1HlgaCY9rR1pdsGC62xYewZ2aoJnxGLrATwIT:Ut1HlgaC4rR1pdclnLGLsTw

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1