Extracted

• • Target

    notifier578.exe

  • Size

    1.0MB

  • MD5

    ef68b88498ccb6e7b5793a8b17176c9b

  • SHA1

    d37a8e99da8adbdcee4baf23f83636deae2c6328

  • SHA256

    8438cd37a6e0aec36c84b4d18ce8005fe856f7b3ebd26d2de58610eab1418a14

  • SHA512

    2d3f62baf691b276609e148d3a166bf1ab2772822583348dbd4fe7f6127507b691777282c1173a9eaeb42d49536f7ac36a31c4df6ab1e5030050a5530e8735c6

  • SSDEEP

    24576:qyopOyTwkYuzrX5qjxUTxqmjzv2U8DEVOJ0AyS6rJPnfaRaP7Kxz4:xoYyTwh2rX5qjxUDjzeDEsD6rJPnfoKk

  Score

  10^/10

  redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2