Extracted

• • Target

    formatter957.exe

  • Size

    1.0MB

  • MD5

    17cc2a645ede65f983a294ceeeb13198

  • SHA1

    edb2cc732904fcb7cd6e96726ad3344b87845083

  • SHA256

    4b7480329a21a3fa3ca7e9b4f897f0b5851088cc0578c4bcde9bb9403f0ff044

  • SHA512

    4d1370b1edc540b0585a06efbc1f5b5b08fdd944d2a29686dfb66b74dda89fae9681d82083d12782b107fa433171ef22aff5ddbc31c3ac97bb28652a2452b65b

  • SSDEEP

    24576:CyzQFbr9fuPESPJT1wxaR9QCHragboxBSv4K96O:pzQh9fuMSPpWER9Qezb+BxKc

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2