Extracted

• • Target

    7547051651dd66c4f23404a9d3afabad114c8d9c760b51995e02ad221089babd

  • Size

    1.0MB

  • MD5

    3e97ad9067a56e700b9f5199030c0373

  • SHA1

    55ba1f3699bdb2cb2724dca286e35b15c29e6f4a

  • SHA256

    7547051651dd66c4f23404a9d3afabad114c8d9c760b51995e02ad221089babd

  • SHA512

    0f96e36a653e4259172d22041c08c4e8c78c2821197c50a1932acce9a66856781a7adfbae37613f4ed59f2c386b43f173c42360113c827ee0b84cf948db3c9b8

  • SSDEEP

    24576:UyiQEnC68TnovtgZKb2iaL8R2LHkLBcijjM0q4Vm7OUrLGWp+:jLNoyKPaQR2ALBC0q4Vm7OUHGY

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1