Extracted

• • Target

    a41fcda8b58378176bce968f0132c674fbe347db556838e62f96a6490937f7f1

  • Size

    1.0MB

  • MD5

    1df1ec960eed2823844a67e16f7d7f74

  • SHA1

    2613426b7159b5d0931290f8702282e392b870cc

  • SHA256

    a41fcda8b58378176bce968f0132c674fbe347db556838e62f96a6490937f7f1

  • SHA512

    f2cb2c2fe9144ec4ec3d7a9e55dcb2a6dcda61d1b15705840811b59e7327c938ca03fc43c82101ea2f8a4d0c9dbd6865d1e7175a83cac65eb054eb31421d140d

  • SSDEEP

    24576:uyMzuYPkrYkZn/7qEli91/w2w6atbIi3Z03H1:9y2Y+n/7qH/BwpIi3

  Score

  10^/10

  redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1